Linux Kernel EDAC Versalnet Device Name Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's EDAC Versalnet driver. The issue arises because the device name, allocated using kzalloc() in the init_one_mc() function, is assigned to dev->init_name but is never freed during the normal removal process. When device_register() is called, it copies init_name and then sets dev->init_name to NULL, making the name pointer inaccessible from the device and causing a memory leak. The vulnerability affects the Linux kernel EDAC Versalnet driver for the AMD Versal NET DDR controller.

Impact

The vulnerability leads to a memory leak, causing allocated memory to remain unfreed and potentially leading to increased memory usage over time.

Reproduction

The vulnerability can be reproduced by loading the EDAC Versalnet driver, which is automatically done when the driver is included in the kernel. The driver will allocate a device name for each memory controller but will not free it when the controller is removed, leading to a memory leak.

Remediation

The vulnerability has been fixed in the Linux kernel. Users can apply the latest patches available in the Linux kernel stable tree to address this issue.