Linux Kernel Memory Leak Vulnerability in stmmac Driver

A memory leak vulnerability has been identified in the Linux kernel's stmmac Ethernet driver. This issue arises in the 'stmmac_dvr_probe()' function, where the 'bitmap_free()' function is not called to free the 'af_xdp_zc_qps' resource if 'create_singlethread_workqueue()' fails. As a result, memory allocated for this resource is not released, leading to a potential memory leak. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can lead to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by loading the stmmac Ethernet driver and triggering a failure in the 'create_singlethread_workqueue()' function. This can be done by modifying the driver code to simulate a workqueue creation failure, which will cause the 'stmmac_dvr_probe()' function to exit without freeing the 'af_xdp_zc_qps' resource, leading to a memory leak.

Remediation

The vulnerability has been addressed in the Linux kernel stable tree. Users can upgrade to the latest version of the stable kernel to apply the fix.