Miaoqian Lin

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the Linux kernel, specifically in the dmaengine ti component. The problem arises from the `of parse phandle()` function returning a node pointer with an incremented refcount, which requires the use of `of node put()` when the node is no longer needed to prevent a leak. The issue is resolved by adding a missing `of node put()` call. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the Linux kernel, specifically in the meson smp prepare cpus function. The of find compatible node() function returns a node pointer with an incremented refcount, which requires the use of of node put() when done to avoid a refcount leak. The issue has been resolved by adding a missing of node put() call. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the Linux kernel, specifically in the arm-versatile power/reset module. The `of find matching node and match()` function returns a node pointer with an incremented refcount, which should be decremented using `of node put()` when no longer needed to prevent a refcount leak. The issue arises from a missing `of node put()` call. **Recommendations** For the affected Linux kernel versions, add the missing `of node put()` call in the `versatile reboot probe()` function to avoid the refcount leak.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the Linux kernel, specifically in the drm/msm/a6xx component. The `of parse phandle()` function returns a node pointer with an incremented refcount, which should be decremented using `of node put()` when no longer needed. In the `a6xx gmu init()` function, the node is passed to `of find device by node()` and `of dma configure()`, where `of find device by node()` takes a reference to the node, but `of dma configure()` does not require the node after its usage. This results in a refcount leak, which is resolved by adding a missing `of node put()` call. **Recommendations** To resolve this issue, apply the patch that adds the missing `of node put()` call in the `a6xx gmu init()` function to avoid the refcount leak. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A potential double free issue in the elan input configured function of the Linux kernel's HID (Human Interface Device) elan driver has been resolved. The issue arises because the `input` resource, allocated with `devm input allocate device()`, is freed explicitly with `input free device()`, leading to a double free. According to the documentation of `devm input allocate device()`, managed input devices are automatically unregistered and freed when the owner device unbinds from its driver, making explicit unregistration or freeing unnecessary. **Recommendations** For the affected Linux kernel versions, consider updating to a version that includes the fix for the double free issue in the elan input configured function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the Linux kernel, specifically in the ASoC: fsl component, within the imx sgtl5000 probe function. The of find i2c device by node() function takes a reference, and in error paths, it is necessary to call put device() to drop the reference and avoid a refcount leak. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A memory leak issue has been identified in the Linux kernel, specifically in the ab8500 power supply component. The `kobject init and add()` function takes a reference even when it fails, leading to a memory leak. According to the documentation, `kobject put()` must be called to properly clean up the memory associated with the object when `kobject init and add()` returns an error. The issue is resolved by calling `kobject put()` to fix the memory leak. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the Linux kernel, specifically in the imx sc thermal probe function within the thermal/drivers/imx sc thermal module. The of find node by name() function returns a node pointer with an incremented refcount, but a missing of node put() call fails to decrement the refcount when the node is no longer needed, resulting in a refcount leak. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the powerpc/fsl rio component of the Linux kernel. The `of parse phandle()` function returns a node pointer with an incremented refcount, which should be decreased using `of node put()` when no longer needed to prevent a refcount leak. This issue has been resolved by adding a missing `of node put()` call. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak was found in the mtk pcie subsys powerup() function. The of find compatible node() function returns a node pointer with refcount incremented. To fix this issue, the missing of node put() function call was added to release the refcount. **Recommendations** For the affected Linux kernel versions, add the missing of node put() call to the mtk pcie subsys powerup() function to release the refcount and fix the refcount leak.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the Linux kernel, specifically in the lantiq gswip driver. The problem occurs when the for each available child of node() loop is terminated early, causing the reference count of the previous node to be decremented without a corresponding of node put() call. This results in a refcount leak. The issue is resolved by adding a missing of node put() call to avoid the leak. **Recommendations** To resolve the issue, apply the fix that adds the missing of node put() call to the gswip gphy fw list function in the lantiq gswip driver.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the Linux kernel, specifically in the altera tse mdio create function. The problem occurs because every iteration of for each child of node() decrements the reference count of the previous node. When breaking from a for each child of node() loop, it is necessary to explicitly call of node put() on the child node if it is no longer needed. The issue arises from a missing of node put() call, which is required to prevent a refcount leak. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the Linux kernel, specifically in the pata octeon cf module. The of find device by node() function takes a reference, which should be released using put device() when no longer needed to prevent a refcount leak. The issue arises from a missing put device() call. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the Linux kernel, specifically in the `mv88e6xxx mdios register` function. The `of get child by name()` function returns a node pointer with an incremented refcount, which should be decremented using `of node put()` when no longer needed. However, in `mv88e6xxx mdio register()`, the device node is passed to `of mdiobus register()` and not released afterwards, resulting in a refcount leak. **Recommendations** To resolve this issue, apply the fix that adds the missing `of node put()` call to avoid the refcount leak. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A memory leak issue has been identified in the Linux kernel, specifically in the dmi-sysfs firmware component. The problem arises when the `kobject init and add()` function fails but still takes a reference, leading to a memory leak. According to the documentation, `kobject put()` must be called to properly clean up the associated memory when `kobject init and add()` returns an error. This issue has been resolved by adding the necessary call to `kobject put()`. **Recommendations** For the affected Linux kernel versions, the issue can be resolved by applying the fix that calls `kobject put()` when `kobject init and add()` fails. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the ts4800 wdt probe function of the Linux kernel. The of parse phandle() function returns a node pointer with an incremented refcount, which should be decremented using of node put() when no longer needed. To fix the issue, a missing of node put() call has been added in some error paths. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A potential NULL dereference issue has been identified in the Linux kernel, specifically in the `aspeed vuart probe` function related to the `8250 aspeed vuart` serial component. The issue arises because `platform get resource()` may return NULL, and its return value should be checked to prevent a NULL pointer dereference. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A issue in the Linux kernel's ASoC atmel module has been identified, specifically in the `sam9x5 wm8731 driver probe` function. The problem arises from incorrect error handling, leading to a refcount leak when `of parse phandle()` returns a `device node` pointer with an incremented refcount. This leak occurs because `of node put()` is only called in the regular path, not in the error path. **Recommendations** For the affected Linux kernel versions, consider applying a patch that ensures `of node put()` is called in both the regular and error paths of the `sam9x5 wm8731 driver probe` function to prevent refcount leaks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the Linux kernel, specifically in the ASoC mxs sgtl5000 probe function. This issue occurs when the function fails to properly release reference counts in error paths, such as when `codec np` is NULL but `saif np[0]` and `saif np[1]` are not NULL. The `of node put()` function is used to release the refcount of regular pointers. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the Linux kernel, specifically in the exynos-ppmu devfreq driver. The `of get devfreq events` function fails to call `of node put()` in error paths, leading to a refcount leak. This occurs because `of get child by name()` returns a node pointer with an incremented refcount, which should be decremented using `of node put()` when no longer needed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.