Linux Kernel Refcount Leak Vulnerability in Display Timing Handling

A refcount leak vulnerability has been identified in the Linux kernel's handling of display timings within the framebuffer (fbdev) subsystem. This issue arises in the function 'of_get_display_timings()', where a device node's reference count is incremented but not properly decremented in certain error scenarios. Specifically, when the function encounters an error and jumps to the 'entryfail' label, the reference count for 'native_mode' is not decreased, leading to a memory leak. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a memory leak, where reference counts are not properly managed, potentially causing increased memory usage over time.

Reproduction

The vulnerability can be reproduced by invoking the 'of_get_display_timings()' function with a device node that triggers an error condition. This will cause the function to jump to the 'entryfail' label without decrementing the reference count for 'native_mode', thereby creating a refcount leak.

Remediation

The vulnerability has been addressed by modifying the error handling in 'of_get_display_timings()'. The goto statement was changed from 'entryfail' to 'timingfail', ensuring that the reference count is properly decremented before the function exits. Users should upgrade to the latest version of the Linux kernel where this fix has been applied.