VYPR
Unrated severity · NVD Advisory · Published Dec 30, 2025 · Updated Apr 15, 2026

CVE-2023-54190

Description

In the Linux kernel, the following vulnerability has been resolved:

leds: led-core: Fix refcount leak in of_led_get()

class_find_device_by_of_node() calls class_find_device(), which will take the reference; use put_device() to drop the reference when it is not needed anymore.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

of_led_get() in the Linux kernel's LED subsystem leaks a device reference taken via class_find_device_by_of_node() without a matching put_device().

Root Cause

of_led_get() in the Linux kernel's LED core indirectly leaks a reference count by calling class_find_device_by_of_node(). That helper itself invokes class_find_device(), which increments the reference count of the returned device. The caller never called put_device() to decrement that count after using the device, causing a persistent reference leak.

Exploitation Prerequisites

To exploit this leak, an attacker would need to repeatedly trigger a code path that calls of_led_get(), for example by repeatedly probing or registering an LED device that matches a Device Tree node. No special privileges beyond the ability to control system behavior (e.g., hot‑plugging an LED device or loading/unloading a driver) are required; the leak occurs in standard kernel APIs accessible to user space indirectly.

Impact

The reference leak does not directly cause memory corruption or privilege escalation. Over time, repeated calls to of_led_get() will permanently consume kobject references, preventing the underlying device structures from being freed. This can lead to kernel memory exhaustion (OOM) and system instability, effectively a denial‑of‑service (DoS) condition.

Mitigation

The fix requires a single put_device() call after class_find_device_by_of_node() returns a non‑NULL device. The Linux kernel stable tree has already applied the patch (see [1], [2]). Administrators should update to a kernel version that includes the commit or backport the fix. No workaround exists other than applying the kernel update.
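The reference pattern behind the leak and its fix, as an added user-space C model that is neither the kernel patch nor code from this advisory. The `toy_*` helpers and `lookup_*` functions are hypothetical stand-ins for class_find_device(), put_device() and the pre-fix and post-fix shapes of the caller.

```c
/* User-space model, not kernel code; every toy_* name is a hypothetical stand-in. */
#include <stdio.h>

struct toy_device { int refcount; /* 0 means the device has been released */ };

/* Models class_find_device(): a successful lookup takes a reference. */
static struct toy_device *toy_find_device(struct toy_device *reg)
{
    if (!reg || reg->refcount == 0)
        return NULL;
    reg->refcount++;
    return reg;
}

/* Models put_device(): drops one reference. */
static void toy_put_device(struct toy_device *dev)
{
    if (dev && dev->refcount > 0)
        dev->refcount--;
}

/* Pre-fix shape: the reference taken by the lookup is never dropped. */
static void lookup_leaky(struct toy_device *reg)
{
    (void)toy_find_device(reg);
}

/* Post-fix shape: one put balances the reference taken by the lookup. */
static void lookup_balanced(struct toy_device *reg)
{
    toy_put_device(toy_find_device(reg));
}

/* Run n lookups, drop the owner's reference, return what is still held. */
static int outstanding_after(int n, void (*lookup)(struct toy_device *))
{
    struct toy_device dev = { .refcount = 1 };  /* owner's reference */
    for (int i = 0; i < n; i++)
        lookup(&dev);
    toy_put_device(&dev);                       /* owner unregisters */
    return dev.refcount;
}

int main(void)
{
    printf("outstanding: leaky=%d balanced=%d\n",
           outstanding_after(1000, lookup_leaky), outstanding_after(1000, lookup_balanced));
    return 0;
}
```

A non-zero result means the modelled device can never be released after its owner lets go, which is the condition the Impact section describes.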

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
