Linux Kernel ath9k Wireless Driver USB Interface Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the USB interface of the Linux kernel's ath9k wireless driver. The issue is in the function ath9k_hif_usb_dealloc_tx_urbs(), where USB request blocks (URBs) are not properly freed. The leak occurs because usb_get_urb() is called to take a reference on a URB, but the corresponding usb_free_urb() or usb_put_urb() is never executed. Instead, usb_kill_urb() is invoked, and it returns immediately without handling the URB because the URB's device or endpoint fields are uninitialized. The vulnerability affects several versions of the Linux kernel.
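The reference imbalance described above, reduced to a userspace C model (an added example, not the kernel's code and not the upstream patch). The `urb_model` type, `teardown()` and the rule that a completed kill releases one reference are assumptions made for illustration; the `balanced` branch is one way to keep the counts even in this model.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model of a reference-counted URB; not kernel code. */
struct urb_model {
    int refcount;    /* stands in for the URB's reference count */
    void *dev, *ep;  /* NULL until the URB is prepared for submission */
};
static int live_urbs;    /* allocations not yet released */
static int dummy_target; /* constructed stand-in for a device/endpoint */

static struct urb_model *urb_alloc(void) {
    struct urb_model *u = calloc(1, sizeof(*u));
    if (!u) abort();
    u->refcount = 1;
    live_urbs++;
    return u;
}
static void urb_get(struct urb_model *u) { u->refcount++; }
static void urb_put(struct urb_model *u) {
    if (--u->refcount == 0) { free(u); live_urbs--; }
}
/* Model assumption: a kill that runs to completion drops one reference. */
static void urb_kill(struct urb_model *u) {
    if (!u || !u->dev || !u->ep)
        return; /* early return: the caller's extra reference stays */
    urb_put(u);
}
/* Tear down n URBs; returns how many allocations remain live afterwards. */
int teardown(int n, int submitted, int balanced) {
    int before = live_urbs;
    for (int i = 0; i < n; i++) {
        struct urb_model *u = urb_alloc();
        if (submitted)
            u->dev = u->ep = &dummy_target;
        if (!balanced || (u->dev && u->ep)) {
            urb_get(u);   /* extra reference held across the kill */
            urb_kill(u);  /* releases it only when dev and ep are set */
        }
        urb_put(u);       /* drops the allocation reference */
    }
    return live_urbs - before;
}
int main(void) {
    printf("unprepared, get+kill: %d leaked\n", teardown(4, 0, 0));
    printf("prepared,   get+kill: %d leaked\n", teardown(4, 1, 0));
    printf("unprepared, balanced: %d leaked\n", teardown(4, 0, 1));
    return 0;
}
```

A live-allocation counter like `live_urbs` is the same signal a memory analysis tool reports: objects whose reference count never returned to zero.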

Impact

The vulnerability leads to a memory leak of USB request blocks, which can accumulate over time and potentially cause performance degradation or exhaustion of system resources.

Reproduction

The vulnerability can be reproduced by using the ath9k wireless driver with a USB interface. When the driver deallocates its transmission URBs, it fails to free all allocated USB request blocks, leading to a memory leak. This issue can be detected using memory analysis tools that identify unfreed allocations.

Remediation

Users can upgrade to the patched version of the Linux kernel, which is available in the official Linux kernel repositories. Instructions for upgrading the kernel can be found in the documentation for the specific Linux distribution in use.

Added: Dec 24, 2025, 5:27 PM
Updated: Dec 24, 2025, 5:27 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.