Linux Kernel Broadcom Brcmfmac Wireless Driver Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's handling of Broadcom wireless devices, specifically within the brcmfmac driver. The issue arises in the brcmf_netdev_start_xmit() function, which fails to properly release memory under certain conditions, particularly when expanding the headroom of network packets. This oversight could potentially lead to increased memory usage and degradation of system performance.

Impact

Exploitation of this vulnerability can cause a memory leak, where the system fails to release unused memory, potentially leading to increased memory consumption and performance degradation over time.

Reproduction

The vulnerability can be reproduced by using a Broadcom wireless device with the brcmfmac driver in the Linux kernel. When the brcmf_netdev_start_xmit() function is called, it will return NETDEV_TX_OK without freeing the associated socket buffer (skb) if the pskb_expand_head() function fails. This behavior creates a memory leak, as the allocated memory for the skb is not returned to the system.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is 212fde3fe76e962598ce1d47b97cc78afdfc71b3.