Linux Kernel IPW2200 Driver Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's IPW2200 wireless driver. The issue arises in the 'ipw_wdev_init()' function, where memory allocated is not properly released upon encountering an error. Additionally, the 'ipw_pci_probe()' function fails to release memory, leading to further leakage. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a memory leak, which can cause increased memory usage and potentially degrade system performance over time.

Reproduction

The vulnerability can be reproduced by initializing the IPW2200 wireless driver in a way that triggers an error in the 'ipw_wdev_init()' function. This will cause the function to return an error value without releasing the allocated memory, leading to a memory leak. The issue can also be observed during the PCI probe process, where memory is not freed as expected.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.