Linux Kernel DMAengine Device Leak Vulnerability in IDX Driver Compatibility Interface

Vulnerability

A vulnerability exists in the Linux kernel's DMAengine subsystem, specifically within the Intel Integrated Accelerator (IDX) driver. This issue leads to device reference leaks when binding and unbinding devices through the compatibility layer of the sysfs interface. The vulnerability arises because the reference taken during the device lookup is not properly released, potentially causing resource management issues.

Impact

The vulnerability can cause device reference leaks, which may lead to resource exhaustion or other unintended behaviors in the device management system.

Reproduction

The vulnerability can be reproduced by binding and unbinding IDX devices through the compatibility sysfs interface, whose handlers do not release the device reference taken during lookup. Interacting with the 'bind' and 'unbind' attributes of the IDX driver triggers the reference leak, for example when binding a device that is already managed by a different driver or unbinding a device that is not properly referenced.
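The leak pattern described above, as an added userspace model that is not the kernel driver's code: a lookup that returns a counted reference, a handler that forgets to release it, and the corrected handler. All names (`find_device`, `compat_write_leaky`, `compat_write_fixed`, `leaked_refs`, `dev0`) are hypothetical and the sample device is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model of a refcounted device; every name here is hypothetical. */
struct device { const char *name; int refcount; int bound; };

/* Constructed sample device; the count of 1 is the registry's own reference. */
static struct device registry[] = { { "dev0", 1, 0 } };

/* Lookup returns the device with an extra reference the caller must drop. */
static struct device *find_device(const char *name)
{
    for (size_t i = 0; i < sizeof(registry) / sizeof(registry[0]); i++)
        if (strcmp(registry[i].name, name) == 0) {
            registry[i].refcount++;
            return &registry[i];
        }
    return NULL;
}

/* Leaky handler: returns without dropping the lookup reference. */
static int compat_write_leaky(const char *name, int bind)
{
    struct device *dev = find_device(name);
    if (!dev) return -1;
    dev->bound = bind;
    return 0;
}

/* Fixed handler: pairs the lookup with a release before returning. */
static int compat_write_fixed(const char *name, int bind)
{
    struct device *dev = find_device(name);
    if (!dev) return -1;
    dev->bound = bind;
    dev->refcount--;           /* the release the leaky path omits */
    return 0;
}

/* Run bind/unbind cycles; return how many references were left behind. */
static int leaked_refs(int (*write_attr)(const char *, int), int cycles)
{
    int before = registry[0].refcount;
    for (int i = 0; i < cycles; i++) { write_attr("dev0", 1); write_attr("dev0", 0); }
    return registry[0].refcount - before;
}

int main(void) { printf("leaky=%d fixed=%d\n", leaked_refs(compat_write_leaky, 100), leaked_refs(compat_write_fixed, 100)); return 0; }
```

In the model, each write through the leaky handler leaves one reference behind, so the count never returns to its baseline and the device could never be freed.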

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is available in the Linux kernel stable tree.

Added: Jan 25, 2026, 3:31 PM
Updated: Jan 25, 2026, 3:31 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.4
remediation: 7.7
relevance: 2.4
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.