Linux Kernel DMA Engine Device Leak Vulnerability in at_hdmac Driver

A vulnerability in the Linux kernel's DMA engine, specifically within the at_hdmac driver, has been addressed. The issue involved a memory leak caused by not releasing a reference to the DMA platform device during the 'of_dma_xlate()' function, which is used for channel resource management. Although a previous commit had fixed the leak in certain error scenarios, the problem persisted in cases of successful allocations. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability could lead to a memory leak, causing increased memory usage over time and potentially leading to memory exhaustion.

Reproduction

The vulnerability can be reproduced by allocating DMA channels using the at_hdmac driver without properly releasing the associated device references. This can be done by modifying the channel resource management to omit the necessary 'put_device()' calls, allowing the references to accumulate and create a leak.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel official website.