Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's r6040 Ethernet driver. This issue arises because the driver fails to properly disconnect and release references to PHY devices during the removal process or when an error occurs after probing the devices. As a result, unreferenced objects remain, leading to memory leaks. The vulnerability affects several versions of the Linux kernel.
Exploitation of this vulnerability causes a memory leak, where allocated memory is not properly released, potentially leading to increased memory usage and degradation of system performance over time.
The vulnerability can be reproduced by loading the r6040 Ethernet driver using the 'modprobe' command. After the driver is loaded, the reference count of the first PHY device connected by the driver is increased. If an error occurs during the driver's initialization, the reference count is not properly released, creating a memory leak. This issue can also be observed when the driver is removed, as the PHY device is not disconnected, leaving another memory leak.
The vulnerability has been addressed in the Linux kernel. Users can apply the latest patches available in the Linux kernel stable tree to mitigate this issue.
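The leak pattern described above, reduced to a userspace C model that counts the references left on the PHY after a failed probe and after a remove. This is an added example, not code from the kernel or the r6040 driver; `phy_attach`, `phy_detach`, the `probe_*`/`remove_*` functions and `leaked_refs` are hypothetical names.

```c
/* Userspace model of the leak pattern; all names here are hypothetical
 * and this is not the r6040 driver's code. */
#include <stdbool.h>
#include <stdio.h>

struct phy { int refs; };          /* stands in for a PHY device */
struct nic { struct phy *phy; };   /* stands in for the driver's private data */

/* Connecting takes a reference on the PHY; disconnecting drops it. */
static void phy_attach(struct nic *n, struct phy *p) { p->refs++; n->phy = p; }
static void phy_detach(struct nic *n) { if (n->phy) { n->phy->refs--; n->phy = NULL; } }

/* Leaky probe: a failure after the PHY is connected returns without unwinding. */
static int probe_leaky(struct nic *n, struct phy *p, bool late_fail)
{
    phy_attach(n, p);
    return late_fail ? -1 : 0;     /* on -1 the reference is never dropped */
}
/* Leaky remove: forgets the PHY without disconnecting it. */
static void remove_leaky(struct nic *n) { n->phy = NULL; }

/* Corrected probe: the error path disconnects the PHY before returning. */
static int probe_fixed(struct nic *n, struct phy *p, bool late_fail)
{
    phy_attach(n, p);
    if (late_fail) {
        phy_detach(n);             /* unwind the reference taken above */
        return -1;
    }
    return 0;
}
/* Corrected remove: disconnects the PHY, releasing the reference. */
static void remove_fixed(struct nic *n) { phy_detach(n); }

/* References still held on the PHY after one probe (plus remove if probe succeeded). */
int leaked_refs(bool fixed, bool late_fail)
{
    struct phy p = { 0 };
    struct nic n = { NULL };
    int rc = fixed ? probe_fixed(&n, &p, late_fail) : probe_leaky(&n, &p, late_fail);
    if (rc == 0) { if (fixed) remove_fixed(&n); else remove_leaky(&n); }
    return p.refs;
}

int main(void)
{
    printf("leaky: probe error=%d, remove=%d\n", leaked_refs(false, true), leaked_refs(false, false));
    printf("fixed: probe error=%d, remove=%d\n", leaked_refs(true, true), leaked_refs(true, false));
    return 0;
}
```

A nonzero count after either path corresponds to an object that is never released, which is what accumulates across repeated load and unload cycles.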