Linux Kernel Resource Leak Vulnerability in MOST Interface Registration

A resource leak vulnerability has been identified in the Linux kernel's MOST (Media Oriented Systems Transport) core component. The issue arises in the most_register_interface() function, which fails to properly release allocated memory if an error occurs before the interface device is registered. This oversight leads to a memory leak. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability causes a memory leak, where allocated resources are not properly released, potentially leading to increased memory usage and exhaustion over time.

Reproduction

The vulnerability can be reproduced by calling the most_register_interface() function with an interface that triggers an error condition, such as having a poisoned channel or exceeding the maximum number of channels. This will cause the function to return an error code without releasing the allocated resources, demonstrating the resource leak.

Remediation

The vulnerability has been addressed by modifying the most_register_interface() function to initialize the device earlier in the process, use device_add() instead of device_register(), and ensure that put_device() is called on all error paths to free allocated resources. Users can apply the latest patches available in the Linux kernel stable tree to remediate this vulnerability.