Linux Kernel HID Raw Interface Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's HID (Human Interface Device) subsystem, specifically within the hidraw interface. The issue arises in the hidraw_release function, where buffered reports are not properly freed before the list entry is deleted. This oversight leads to unreferenced objects remaining in memory, which can accumulate and cause a memory leak. The vulnerability has been addressed in the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where unreferenced objects are left in memory, potentially causing exhaustion of available memory resources over time.

Reproduction

The vulnerability can be reproduced through the hidraw interface in the Linux kernel. When reports are still buffered at the time the hidraw_release function is called, they are not freed, and the memory they occupy leaks. This can be verified by monitoring memory usage and identifying unreferenced objects that remain in memory after the release function has executed.
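The leak pattern described above, as a user-space model added here for illustration; it is not the kernel's code or its patch. The names `listener`, `queue_report`, `release_leaky`, `release_fixed` and `leaked_after` are hypothetical, the 64-slot ring is a constructed size, and `malloc`/`free` stand in for kernel allocation.

```c
#include <stdlib.h>
#include <string.h>
#define SLOTS 64                 /* constructed ring size for this model */
struct listener {                /* hypothetical per-open reader state */
    unsigned char *report[SLOTS];/* private copies of unread reports */
    unsigned head, tail;         /* head: next write slot, tail: next read slot */
    int linked;                  /* 1 while on the device's reader list */
};
static long live_reports;        /* report copies allocated and not yet freed */

/* Buffer a private copy of an incoming report for a reader that is behind. */
static int queue_report(struct listener *l, const void *data, size_t len)
{
    unsigned next = (l->head + 1) % SLOTS;
    unsigned char *copy;
    if (next == l->tail || !(copy = malloc(len)))
        return -1;               /* ring full or out of memory: drop the report */
    memcpy(copy, data, len);
    l->report[l->head] = copy;
    l->head = next;
    live_reports++;
    return 0;
}

/* Free every unread report between tail and head. */
static void drain(struct listener *l)
{
    for (; l->tail != l->head; l->tail = (l->tail + 1) % SLOTS) {
        free(l->report[l->tail]);
        live_reports--;
    }
}

/* Leaky release only unlinks the reader; fixed release frees its reports first. */
static void release_leaky(struct listener *l) { l->linked = 0; }
static void release_fixed(struct listener *l) { drain(l); l->linked = 0; }

/* Open a reader, buffer n reports, close it; return report copies left behind. */
static long leaked_after(int n, void (*release)(struct listener *))
{
    struct listener l = { .linked = 1 };
    long before = live_reports, left;
    for (int i = 0; i < n; i++)
        queue_report(&l, "\x01\x02\x03", 3);   /* constructed 3-byte report */
    release(&l);
    left = live_reports - before;
    drain(&l);                   /* model-only cleanup so the demo itself stays tidy */
    return left;
}
```

In the model the reader struct stays alive so the leftover copies can be counted; in the scenario the page describes, the entry is gone after release and nothing references them any more.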

Remediation

Users should upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: Jun 18, 2025, 9:09 PM
Updated: Jun 18, 2025, 9:09 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.