Linux Kernel Memory Leak Vulnerability in Microchip MPFS System Controller Probe

A memory leak vulnerability has been identified in the Linux kernel's handling of the Microchip MPFS system controller. The issue arises in the 'mpfs_sys_controller_probe()' function, where failure to retrieve the flash device node results in an immediate return without freeing the allocated memory for the system controller. This oversight creates a memory leak. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, causing increased memory usage and potential degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by loading the Microchip MPFS system controller driver in a version of the Linux kernel that is affected by this issue. When the 'mpfs_sys_controller_probe()' function is called, the failure of the 'of_get_mtd_device_by_node()' function to retrieve the flash device node will trigger the memory leak. This can be simulated by modifying the driver to introduce a failure in the device node retrieval process.

Remediation

The vulnerability has been addressed in the Linux kernel stable tree. Users can upgrade to the latest version of the kernel to apply the fix.