VYPR
Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2023-54111

Description

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups

of_find_node_by_phandle() returns a node pointer with refcount incremented. We should use of_node_put() on it when not needed anymore. Add missing of_node_put() to avoid refcount leak.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

rockchip_pinctrl_parse_groups leaked a device node reference because it never called of_node_put(); the fix adds the missing call to prevent the memory leak.

Vulnerability

In the Linux kernel, the Rockchip pinctrl driver's rockchip_pinctrl_parse_groups function calls of_find_node_by_phandle(), which returns a device node pointer with its reference count incremented. The function did not call of_node_put() once it was done with the node, so each lookup leaked one reference [1]. This is a common memory management bug in Linux kernel device tree parsing code.

Exploitation

The vulnerability is in the kernel's pinctrl subsystem for Rockchip platforms. An unprivileged attacker cannot directly trigger this path unless they can control device tree content, which typically requires local root access or loading a crafted device tree overlay. The refcount leak accumulates over time during normal operation or repeated driver probing, eventually leading to memory exhaustion.

Impact

An attacker with the ability to repeatedly trigger the vulnerable code path can cause a denial of service by exhausting kernel memory through the refcount leak. While the leak does not provide arbitrary code execution or privilege escalation, it can degrade system stability and availability.

Mitigation

The fix adds the missing of_node_put() call so the reference is released. Stable kernel commit 3c40b34e3462aab12af3dba77d2e1602afc72e80 [2] resolves the issue, along with additional backports [3]. Users should update to the latest stable kernel that includes the fix.
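The leak and its fix, as an added userspace model (not the driver's code and not taken from the fix commit): `mock_find_by_phandle`, `mock_node_put`, `mock_parse_config` and the sample phandles are hypothetical stand-ins for the kernel calls named above. It shows how the reference count grows with every parse when the put is missing and stays flat when each lookup is paired with a put.

```c
#include <stdio.h>
#include <stddef.h>

/* Userspace stand-in for struct device_node: only the refcount is modelled. */
struct mock_node { unsigned int phandle; int refcount; };
static struct mock_node nodes[] = { {1, 1}, {2, 1} };   /* constructed sample tree */
#define NNODES (sizeof(nodes) / sizeof(nodes[0]))

/* Models of_find_node_by_phandle(): the returned node carries an extra reference. */
static struct mock_node *mock_find_by_phandle(unsigned int ph)
{
    for (size_t i = 0; i < NNODES; i++)
        if (nodes[i].phandle == ph) { nodes[i].refcount++; return &nodes[i]; }
    return NULL;
}

/* Models of_node_put(): drop one reference (NULL is tolerated). */
static void mock_node_put(struct mock_node *np) { if (np) np->refcount--; }

/* Hypothetical stand-in for reading a pin's config out of the node. */
static int mock_parse_config(const struct mock_node *np) { return np ? 0 : -1; }

/* One pass over a group's pin entries; put_ref=0 is the leaky pattern,
 * put_ref=1 pairs every lookup with a put before any early return. */
static int parse_group(const unsigned int *ph, size_t n, int put_ref)
{
    for (size_t i = 0; i < n; i++) {
        struct mock_node *np = mock_find_by_phandle(ph[i]);
        int ret = mock_parse_config(np);
        if (put_ref)
            mock_node_put(np);
        if (ret)
            return ret;
    }
    return 0;
}

/* Refcount of node 1 after `probes` parses of a group that names it twice. */
int refcount_after_probes(int put_ref, int probes)
{
    static const unsigned int pins[] = { 1, 2, 1 };   /* constructed phandles */
    for (size_t i = 0; i < NNODES; i++) nodes[i].refcount = 1;
    for (int p = 0; p < probes; p++) parse_group(pins, 3, put_ref);
    return nodes[0].refcount;
}

int main(void)
{
    printf("leaky: %d, fixed: %d\n", refcount_after_probes(0, 100), refcount_after_probes(1, 100));
    return 0;
}
```

A node whose count never returns to its baseline can never be freed, which is why the leak only shows up as slow memory growth across repeated probing.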

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

8

References

8
