Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's QLogic QLCNIC driver, specifically within the SR-IOV initialization function. When the virtual function allocation fails, the function does not properly free previously allocated resources, leading to a memory leak. This issue affects several versions of the Linux kernel.
Memory allocated before the failure is never released, which can increase memory usage and degrade system performance over time.
The vulnerability can be reproduced by attempting to initialize SR-IOV on a QLogic QLCNIC network adapter while simulating a failure in the virtual function allocation process. This can be done by modifying the driver's allocation logic to introduce a failure, then observing that the function does not free previously allocated resources, which leads to a memory leak.
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. The patches can be downloaded from the Linux kernel Git repository.
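The fault-injection check described above, as an added userspace example (not code from the qlcnic driver or from the kernel patch): it forces the virtual function allocation to fail and counts the allocations still outstanding, once with a leaky error path and once with a corrected one. Every name in it (sriov_init, model_calloc, leaked_after_vf_failure and the structs) is hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model; every name here is hypothetical, not the qlcnic driver's. */
struct vf_info { int id; };
struct sriov_ctx { int num_vfs; struct vf_info *vfs; };

static int live_allocs, alloc_calls;  /* outstanding allocations; attempts so far */
static int fail_at = -1;              /* fault injection: index of the attempt to fail */

static void *model_calloc(size_t n, size_t sz)
{
    void *p = (alloc_calls++ == fail_at) ? NULL : calloc(n, sz);
    live_allocs += (p != NULL);
    return p;
}
static void model_free(void *p) { if (p) { live_allocs--; free(p); } }

/* unwind == 0: leaky error path; unwind == 1: corrected error path. */
static int sriov_init(int num_vfs, int unwind, struct sriov_ctx **out)
{
    struct sriov_ctx *ctx = model_calloc(1, sizeof(*ctx));
    if (!ctx)
        return -ENOMEM;
    ctx->vfs = model_calloc(num_vfs, sizeof(*ctx->vfs));
    if (!ctx->vfs) {
        if (unwind)
            model_free(ctx);   /* release what was allocated before the failure */
        return -ENOMEM;        /* without the free above, ctx is leaked */
    }
    ctx->num_vfs = num_vfs;
    *out = ctx;
    return 0;
}

/* Fail the VF-array allocation and report how many allocations stay live. */
static int leaked_after_vf_failure(int unwind)
{
    struct sriov_ctx *ctx = NULL;
    live_allocs = 0; alloc_calls = 0; fail_at = 1;
    int rc = sriov_init(8, unwind, &ctx);
    return rc == -ENOMEM ? live_allocs : -1;
}

int main(void)
{
    printf("leaky: %d live, fixed: %d live\n", leaked_after_vf_failure(0), leaked_after_vf_failure(1));
    return 0;
}
```

The same counting approach works as a regression test for any init routine with several allocations: fail each allocation index in turn and require zero outstanding allocations after every failed call.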