Linux Kernel USB XHCI Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's USB XHCI host controller driver. The issue arises in the 'xhci_alloc_stream_info' function, which allocates a stream context array for managing USB streams. If an error occurs during this process, the allocated array is not properly released, leading to a memory leak. This vulnerability affects the stable versions of the Linux kernel.

Impact

The vulnerability can lead to a memory leak, where allocated memory is not released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by triggering an error in the 'xhci_alloc_stream_info' function after the 'stream_ctx_array' has been allocated but before it is released. This can be done by simulating a failure in the stream allocation process, which would cause the function to exit without freeing the allocated memory, leading to a memory leak.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.