Linux Kernel Memory Leak Vulnerability in Intel Graphics BIOS Handling

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's handling of BIOS data for Intel graphics. This issue arises in the function that generates pointers for the LFP (Low-Frequency Panel) data table. The vulnerability occurs when certain conditions related to the size and LVDS (Low-Voltage Differential Signaling) entries are met. In these cases, the function attempts to free a pointer that was not properly allocated, leading to potential memory leaks or undefined behavior. The vulnerability has been addressed by modifying the code to correctly manage memory allocation and deallocation.

Impact

Exploitation of this vulnerability could lead to memory leaks or undefined behavior in the system.

Reproduction

The vulnerability can be reproduced by triggering the conditions where the size is not zero or the LVDS entries are not equal to three. Under these circumstances, the function will attempt to free a pointer that was improperly managed, causing a memory leak.
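The error path described above, modelled in user space as an added example (not kernel code and not from the original page). The tracking allocator, `build_ptrs`, `leaks`, the `lfp_ptrs` struct and the 3-byte offset are hypothetical, and the sketch assumes the wrongly freed pointer is one derived from a separately allocated block.

```c
#include <stdint.h>
#include <stdlib.h>

/* Tiny tracking allocator (hypothetical helper): one live block at a time. */
static void *live_base;   /* address calloc() returned, NULL once freed */
static int bad_frees;     /* frees of an address the allocator never returned */

static void *t_alloc(size_t n) { return live_base = calloc(1, n); }

static void t_free(void *p)
{
    if (p != live_base) { bad_frees++; return; } /* real free() would be UB */
    free(live_base);
    live_base = NULL;
}

struct lfp_ptrs { uint8_t lvds_entries; };  /* constructed stand-in table */

/* Returns 0 if the table is accepted, 1 if rejected, -1 on alloc failure. */
static int build_ptrs(size_t size, uint8_t entries, int fixed)
{
    uint8_t *block = t_alloc(3 + sizeof(struct lfp_ptrs));
    if (!block) return -1;
    /* Derived pointer: 3 bytes into the block, so not an allocation base. */
    struct lfp_ptrs *ptrs = (struct lfp_ptrs *)(block + 3);
    ptrs->lvds_entries = entries;

    if (size != 0 || ptrs->lvds_entries != 3) {   /* condition from the page */
        /* Buggy variant frees the derived pointer; fixed frees the block. */
        t_free(fixed ? (void *)block : (void *)ptrs);
        return 1;
    }
    t_free(block);  /* model only: a real caller would take ownership */
    return 0;
}

/* Returns 1 if the block outlived the call (leaked), 0 otherwise. */
static int leaks(size_t size, uint8_t entries, int fixed)
{
    bad_frees = 0;
    build_ptrs(size, entries, fixed);
    int leaked = live_base != NULL;
    free(live_base);          /* tidy up so the demo itself stays clean */
    live_base = NULL;
    return leaked;
}

/* Exit status 0 when the buggy path leaks and the fixed path does not. */
int main(void) { return !(leaks(4, 3, 0) == 1 && leaks(4, 3, 1) == 0); }
```

In the model the bad free is only counted; passing such a pointer to a real allocator is where the undefined behavior mentioned above comes from.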

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue can be found in the Linux kernel stable tree.

Added: Sep 15, 2025, 7:45 PM
Updated: Sep 15, 2025, 7:45 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.