Linux Kernel Mediatek MDP Reference Leak Vulnerability

Vulnerability

A reference leak vulnerability has been identified in the Mediatek MDP driver of the Linux kernel. The issue arises in the 'mtk_mdp_probe()' function, where the 'vpu_get_plat_device()' call increases the reference count of the returned platform device. The corresponding 'platform_device_put()' is missing, leading to a reference leak. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can lead to a reference count imbalance, potentially causing memory management issues such as use-after-free conditions or memory leaks.

Reproduction

The vulnerability can be reproduced by loading the Mediatek MDP driver and then unloading it. The 'mtk_mdp_remove()' function will be called, which disables runtime power management and clears the maximum segment size for DMA-contiguous buffers. However, because 'platform_device_put()' is not called to decrease the reference count of the platform device obtained during probing, a reference leak occurs.

Remediation

The vulnerability has been addressed by adding the missing 'platform_device_put()' call in the 'mtk_mdp_remove()' function. Users can apply the latest patches from the Linux kernel stable tree to remediate this issue.
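The imbalance described above can be modelled in userspace. The following is an added example, not code from the kernel or from the patch: every `model_*` name and the `leaked_refs_after()` helper are hypothetical stand-ins for the kernel calls named in their comments, and the counter is a plain integer rather than a kernel refcount.

```c
/* Userspace model (constructed), not kernel code. Every model_* name is a
 * hypothetical stand-in for the kernel call named in its comment. */
#include <stdio.h>

struct model_pdev { int refcount; };               /* stands in for struct platform_device */
struct model_mdp  { struct model_pdev *vpu_dev; }; /* hypothetical driver private data */

/* Models vpu_get_plat_device(): hands back the device with its refcount raised. */
static struct model_pdev *model_vpu_get_plat_device(struct model_pdev *vpu)
{
    vpu->refcount++;
    return vpu;
}

/* Models platform_device_put(): drops one reference. */
static void model_platform_device_put(struct model_pdev *pdev) { pdev->refcount--; }

/* Models mtk_mdp_probe(): takes and stores the VPU device reference. */
static void model_probe(struct model_mdp *mdp, struct model_pdev *vpu)
{
    mdp->vpu_dev = model_vpu_get_plat_device(vpu);
}

/* Models mtk_mdp_remove(). patched == 0 omits the put, as in the leak described. */
static void model_remove(struct model_mdp *mdp, int patched)
{
    if (patched && mdp->vpu_dev)
        model_platform_device_put(mdp->vpu_dev);
    mdp->vpu_dev = NULL; /* pointer is dropped either way; only the count differs */
}

/* Bind and unbind `cycles` times; return references left above the baseline. */
int leaked_refs_after(int cycles, int patched)
{
    struct model_pdev vpu = { .refcount = 1 }; /* baseline: the device's own reference */
    struct model_mdp mdp = { NULL };
    for (int i = 0; i < cycles; i++) {
        model_probe(&mdp, &vpu);
        model_remove(&mdp, patched);
    }
    return vpu.refcount - 1;
}

int main(void)
{
    printf("unpatched: %d leaked, patched: %d leaked\n",
           leaked_refs_after(5, 0), leaked_refs_after(5, 1));
    return 0;
}
```

Each probe/remove cycle without the put leaves one extra reference on the modelled device; with the put in the remove path the count returns to its baseline.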

Added: May 6, 2026, 12:39 PM
Updated: May 6, 2026, 12:39 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.