CVE-2023-53757

Root

Cause

A reference count leak exists in the mvebu_gicp_probe function of the irqchip/irq-mvebu-gicp driver. The function of_irq_find_parent() returns a device node pointer with its reference count incremented. The code failed to call of_node_put() on this node after use, causing the reference count to never be decremented. This oversight prevents the kernel from properly freeing the device node, leading to a persistent memory leak.

Attack

Vector

This vulnerability is not directly exploitable by an unauthenticated attacker from userspace or over a network. The bug is triggered during the driver probe sequence, which occurs when the kernel initializes the Marvell GICP (Generic Interrupt Controller Partition) hardware. An attacker would require the ability to physically manipulate the hardware or to load a malicious device tree that causes the driver to probe repeatedly. However, the leak is cumulative and could be amplified in systems where the driver probes many times or where the system is under memory pressure.

Impact

An attacker with local access or control over device tree configuration could exploit this refcount leak to cause a denial of service by exhausting system memory over time. The leak results in a slow but steady consumption of kernel memory, reducing the memory available for other processes and potentially leading to system instability or a crash. No privilege escalation or data corruption is associated with this bug.

Mitigation

This issue is fixed by the commit that adds the missing of_node_put() call in mvebu_gicp_probe [1][2][3]. Patches have been applied to the stable kernel branches as referenced. Users should update their Linux kernel to a version that includes this fix. No workaround is available without applying the patch.