Linux Kernel Remoteproc Resource Management Vulnerability Leading to Memory Leak

Vulnerability

A vulnerability in the Linux kernel's remoteproc core, involving improper resource management during the attachment of remote processors, has been addressed. When rproc_handle_resources() failed, the resources allocated by imx_rproc_prepare() were not released, causing a memory leak. The issue arose because rproc_attach() did not clean up on this error path, leaving the allocated memory unreferenced and unused. This vulnerability could be exploited under certain conditions where remote processors are managed improperly, leading to resource leaks that could affect system performance.

Impact

The vulnerability could be exploited to cause a memory leak, where allocated resources are not properly released, potentially leading to increased memory usage and degraded system performance over time.

Reproduction

The vulnerability can be reproduced by attaching a remote processor using rproc_attach() when the processor's state is RPROC_DETACHED. If rproc_handle_resources() fails during this process, the resources allocated by imx_rproc_prepare() will not be released, causing a memory leak. This can be observed by monitoring the system's memory usage, which will show an unreferenced object remaining allocated after the failed resource handling.
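The error path described above, as an added user-space model (not the kernel's code and not the upstream patch): a prepare step allocates, a resource-handling step fails, and the attach routine either returns immediately or unwinds through the matching release. The `model_*` names, the `live_allocs` counter and the 64-byte allocation are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed user-space model, not kernel code; model_* names are hypothetical. */
static int live_allocs; /* allocations made by prepare and not yet released */
struct model_rproc {
    void *mem;          /* stands in for what imx_rproc_prepare() allocates */
    int fail_resources; /* force the rproc_handle_resources() step to fail */
};

static int model_prepare(struct model_rproc *r)
{
    r->mem = malloc(64);
    if (!r->mem)
        return -ENOMEM;
    live_allocs++;
    return 0;
}

static void model_unprepare(struct model_rproc *r)
{
    if (r->mem)
        live_allocs--;
    free(r->mem); /* free(NULL) is a no-op */
    r->mem = NULL;
}

/* Attach path; with unwind == 0 it behaves like the leaking version. */
static int model_attach(struct model_rproc *r, int unwind)
{
    int ret = model_prepare(r);
    if (ret)
        return ret;
    ret = r->fail_resources ? -EINVAL : 0; /* resource handling step */
    if (ret && unwind)
        model_unprepare(r); /* release what prepare acquired */
    return ret;
}

int main(void)
{
    struct model_rproc a = { NULL, 1 }, b = { NULL, 1 };
    int ra = model_attach(&a, 0);
    printf("no unwind: ret=%d live=%d\n", ra, live_allocs);
    model_unprepare(&a); /* clean up the deliberately leaked allocation */
    int rb = model_attach(&b, 1);
    printf("unwind:    ret=%d live=%d\n", rb, live_allocs);
    return 0;
}
```

On a running kernel built with CONFIG_DEBUG_KMEMLEAK, the equivalent of the non-zero `live` count is an unreferenced-object entry in /sys/kernel/debug/kmemleak after the failed attach.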

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.

Added: Jul 25, 2025, 5:01 PM
Updated: Jul 25, 2025, 5:01 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 0.0
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.