Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's netdevsim driver. It occurs in the 'nsim_drv_probe()' function when 'nsim_dev_resources_register()' fails. The failure leaves unreferenced objects in memory, which can cause resource exhaustion over time. The leaked memory is associated with the 'echo' command, indicating that the issue may be triggered by user-space interactions.
Exploitation of this vulnerability causes a memory leak: allocated memory is not properly released, which increases memory usage and can exhaust system resources.
The vulnerability can be reproduced by loading a device that uses the netdevsim driver and triggering a failure in the 'nsim_dev_resources_register()' function. This can be done by attempting to register resources that are not available or by simulating a failure in the resource registration process. The memory leak can be observed by monitoring the system's memory usage, which will show an increase due to the unreferenced objects not being freed.
Users can apply the latest patches from the Linux kernel stable tree to address this vulnerability. The patch is available in the commit '6b1da9f7126f05e857da6db24c6a04aa7974d644'.