Linux Kernel WWAN HWSIM Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's WWAN device simulator module. When the 'device_register()' function fails, the reference count of the associated kobject is not properly decremented, leading to a leak of the name allocated by 'dev_set_name()'. This unreferenced object remains in memory, causing a potential resource drain. The issue has been addressed by modifying the error handling to include a call to 'put_device()', allowing the leaked name to be freed in the 'kobject_cleanup()' callback.

Impact

Exploitation of this vulnerability could lead to a memory leak, where allocated memory is not properly released, potentially causing a gradual increase in memory usage and degrading system performance over time.

Reproduction

The vulnerability can be reproduced by loading the WWAN HWSIM module using 'modprobe'. If the 'device_register()' function fails, the module will not properly release the name 'hwsim0', which is allocated during the device registration process. This leaked name can be observed as an unreferenced object in memory, indicating a memory leak.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.