Linux Kernel Power Domain Memory Leak Vulnerability in ARM SCMI Provider

A memory leak vulnerability has been identified in the Linux kernel's handling of power domains for ARM devices using the SCMI protocol. When the function 'of_genpd_add_provider_onecell()' fails during the initialization process, it does not properly remove the already created power domains. This oversight can lead to a memory leak and potentially cause a kernel crash during a later debugging process. The issue arises in the 'scmi_pm_domain_probe' function of the 'scmi_pm_domain.c' file, where the error handling for failed provider registration was inadequate. As a result, the vulnerability can cause instability in the system by allowing the kernel to run out of memory or encounter a critical failure.

Impact

The vulnerability can lead to a memory leak, causing the system to run out of available memory resources. This can disrupt normal operations and potentially cause a kernel crash, leading to a system failure.

Reproduction

To reproduce this vulnerability, attempt to register a power domain provider using the 'of_genpd_add_provider_onecell()' function. If the registration fails, the previously created power domains will not be removed, leading to a memory leak. This can be observed by monitoring the system's memory usage, which will show an increase as the leaked memory accumulates. Eventually, this can cause the kernel to crash, particularly if the 'genpd_debug_add()' function is called, which triggers the crash by accessing the leaked memory.

Remediation

The vulnerability has been addressed by adding proper error handling in the 'scmi_pm_domain_probe' function. The updated version of this function now removes any initialized power domains if the provider registration fails, ensuring that all resources are correctly released. Users should apply the latest patches available in the Linux kernel stable tree to mitigate this vulnerability.