Linux Kernel SCSI EFCT Driver Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's SCSI EFCT driver. This issue arises in the 'efct_device_init()' function, where the failure of 'efct_scsi_reg_fc_transport()' to execute properly results in 'efct_scsi_tgt_driver_exit()' not being called. Consequently, memory allocated during 'efct_scsi_tgt_driver_init()' is not released, leading to a memory leak. The unreferenced object causing the leak is approximately 2048 bytes in size.

Impact

The vulnerability causes a memory leak, with unreferenced objects not being properly released, potentially leading to increased memory usage over time.

Reproduction

The vulnerability can be reproduced by loading the EFCT SCSI target driver. When the driver initialization routine 'efct_scsi_reg_fc_transport()' fails, the corresponding cleanup function 'efct_scsi_tgt_driver_exit()' is not called, resulting in a memory leak. This can be observed by monitoring the system's memory usage or by using debugging tools to track allocated but unfreed memory.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.