Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A resource leak vulnerability has been identified in the Linux kernel's GPIO subsystem, in the gpiochip_add_data_with_key function. Following a certain commit, the release function for GPIO devices is not properly set, so the reference count is not decremented on error paths. This can cause memory leaks or, in some cases, double-free errors. The vulnerability affects the Linux kernel stable tree.
The vulnerability can lead to memory leaks or double-free errors, both of which can cause instability in the system.
The vulnerability can be reproduced by adding a GPIO chip without properly handling errors in the initialization process, for example by modifying the GPIO subsystem to introduce a chip that causes an error during setup. This triggers the error-handling path that does not properly release resources, leading to a memory leak or a double-free condition.
Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the latest stable kernel can be found on the official Linux kernel website.