Linux Kernel Resource Leak Vulnerability in V4L2 Fwnode Link Parsing

Vulnerability

A resource leak vulnerability has been identified in the Linux kernel's Video4Linux2 (V4L2) subsystem, in the fwnode link parsing function v4l2_fwnode_parse_link(). When fwnode_graph_get_remote_endpoint() fails, 'fwnode' is NULL, so the fwnode_handle_put() call on that failure path has no effect and releases nothing. In addition, failures of fwnode_graph_get_port_parent() are not handled. The fix adds an error handling path to the function, along with the control flow adjustments it requires.

Impact

The vulnerability could lead to a resource leak, where references are not properly released, potentially causing memory management issues.

Reproduction

The vulnerability can be reproduced by invoking v4l2_fwnode_parse_link() with a fwnode whose remote endpoint cannot be retrieved. In that case fwnode is NULL and the function skips the cleanup of previously acquired resources, which creates the resource leak.
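
A userspace C model of the pattern described in the Vulnerability and Reproduction sections, added here as an illustration and not taken from the kernel source or the patch. The struct layout and the names node_get, node_put, parse_link_leaky, parse_link_fixed and leaked_refs are assumptions; node_put stands in for fwnode_handle_put() and node_get for the two getter functions.

```c
/* Userspace model of the refcount pattern; constructed names, not kernel code. */
#include <stdio.h>
struct node { int refs; struct node *parent, *remote; };
struct link { struct node *local, *remote; };

/* Getter returns a new reference or NULL; put on NULL is a silent no-op. */
static struct node *node_get(struct node *n) { if (n) n->refs++; return n; }
static void node_put(struct node *n) { if (n) n->refs--; }

/* "Before" shape: the put on the failure branch targets the NULL result. */
static int parse_link_leaky(struct node *ep, struct link *l) {
    l->local = node_get(ep->parent);
    struct node *rem = node_get(ep->remote);
    if (!rem) {
        node_put(rem);      /* NULL: releases nothing */
        return -1;          /* reference held in l->local leaks */
    }
    l->remote = node_get(rem->parent);
    node_put(rem);          /* temporary endpoint reference */
    return 0;
}

/* "After" shape: every getter is checked; gotos unwind in reverse order. */
static int parse_link_fixed(struct node *ep, struct link *l) {
    struct node *rem;
    if (!(l->local = node_get(ep->parent))) return -1;
    if (!(rem = node_get(ep->remote))) goto err_put_local;
    if (!(l->remote = node_get(rem->parent))) goto err_put_remote;
    node_put(rem);          /* temporary endpoint reference */
    return 0;
err_put_remote:
    node_put(rem);
err_put_local:
    node_put(l->local);
    l->local = NULL;
    return -1;
}

/* Constructed input: endpoint with no remote. Returns extra refs left on parent. */
static int leaked_refs(int (*parse)(struct node *, struct link *)) {
    struct node parent = { 1, NULL, NULL }, ep = { 1, &parent, NULL };
    struct link l = { NULL, NULL };
    parse(&ep, &l);
    return parent.refs - 1; /* the owner's own reference is excluded */
}

int main(void) {
    printf("leaked refs: before=%d after=%d\n",
           leaked_refs(parse_link_leaky), leaked_refs(parse_link_fixed));
    return 0;
}
```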

Remediation

Users can upgrade to the patched version of the Linux kernel available in the official Linux Git repository.

Added: Dec 30, 2025, 4:13 PM
Updated: Dec 30, 2025, 4:13 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.