Linux Kernel Intel IPU6 PCI Driver Runtime PM Reference Leak Vulnerability

A vulnerability exists in the Linux kernel's Intel IPU6 PCI device driver, specifically within the stable branch. The issue arises from a runtime power management (PM) reference leak in the 'ipu6_pci_probe()' function. Several error paths were improperly handling PM references, leading to potential resource management issues. The vulnerability has been addressed by adding a proper PM reference release before cleaning up other resources.

Impact

The vulnerability could lead to a runtime power management reference leak, causing improper resource management.

Reproduction

The vulnerability can be reproduced by loading the Intel IPU6 PCI device driver in the Linux kernel. When the driver encounters an error during the probing process, it fails to release the runtime power management reference before cleaning up, creating a reference leak. This can be observed by monitoring the PM reference counts during the driver's initialization and error handling processes.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is available in the Linux kernel stable tree.