Linux Kernel ACPI Memory Leak Vulnerability in Radeon Driver

A memory leak vulnerability has been identified in the Linux kernel's Radeon graphics driver. When the driver retrieves BIOS information from the ACPI VFCT table, it fails to release the allocated ACPI memory by not calling the necessary cleanup function. This oversight can lead to increased memory usage over time. The issue has been addressed by adding the missing function call to properly release the memory, thereby preventing the leak.

Impact

Exploitation of this vulnerability can lead to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by loading the Radeon driver and accessing the ACPI VFCT table. The driver will read the BIOS information from the table but will not release the allocated memory, leading to a memory leak. This can be observed by monitoring the system's memory usage over time, which will show an increase due to the unreleased ACPI memory.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the Linux Kernel Stable Tree to address this vulnerability.