Linux Kernel Staging vt6655 Driver Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's staging vt6655 driver. The issue arises in the 'device_init_td0_ring' function, where memory is allocated for the 'td_info' member of 'priv->apTD0Rings[i]'. The index 'i' starts at 0 and increases with each iteration. If the memory allocation fails, the function attempts to free the memory in reverse order, decrementing 'i' back to 0. However, the case where 'i' equals 0 is not handled, leading to a memory leak. The solution involves modifying the memory deallocation loop to include 'i=0'.

Impact

The vulnerability can lead to a memory leak, where allocated memory is not properly freed, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by triggering a memory allocation failure in the 'device_init_td0_ring' function of the vt6655 driver. This can be done by simulating low memory conditions or by modifying the driver to intentionally cause allocation failures. Once the allocation fails, the function will attempt to free the memory, but will skip the 'i=0' case, causing a leak. This behavior can be observed by monitoring memory usage before and after the function is called.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version of the kernel where this issue has been fixed.