CVE-2023-54075

Vulnerability

Overview

In the Linux kernel, a reference count leak vulnerability exists in the ASoC Mediatek common driver's parse_dai_link_info function. The issue arises from missing of_node_put() calls before early returns in a loop that uses for_each_available_child_of_node. This macro increments the reference count of device nodes, and without proper decrementing, the reference count can become unbalanced, leading to a leak [1].

Exploitation

To exploit this vulnerability, an attacker would need to trigger the specific code path where the loop returns early, such as when an error occurs during parsing. The attack surface is local, requiring access to the system to load or manipulate device tree nodes that cause the parsing function to exit prematurely. No authentication is needed beyond local access, and the vulnerability can be triggered through normal system operations involving audio hardware initialization.

Impact

If exploited, the reference count leak can lead to memory resource exhaustion over time, potentially causing system instability, or denial of service. The leak prevents proper cleanup of device node references, which may cause the kernel to retain references to nodes that should be freed, potentially leading to use-after-free or other memory corruption issues in the long term.

Mitigation

The fix has been applied in the Linux kernel stable tree via commit beed115c2ce78f990222a29abed042582df4e87c [1]. Users should update their kernel to include this patch. No workaround is available other than applying the patch.