Linux Kernel VKMS Driver Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's VKMS (Virtual Kernel Mode Setting) driver. This issue arises in the 'vkms_init' function, where the return value of 'vkms_create' is not properly checked. If 'vkms_create' fails, the memory allocated for the configuration is not freed, leading to a memory leak. The vulnerability was introduced in a previous commit that added the 'vkms_config' type.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

To reproduce this vulnerability, load the VKMS module using 'modprobe'. The module initialization will fail, but not before leaking a small amount of memory (16 bytes) that is not freed due to the missing error handling. This can be observed by checking the memory usage before and after loading the module.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.