Linux Kernel Netdevsim Memory Leak Vulnerability in Device Registration

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's netdevsim component, specifically within the device registration process. When the function 'nsim_bus_dev_new()' fails to register a device, it leaves a reference count of 1 on the device structure, preventing the proper release of the device name. This issue results in an unreferenced object remaining in memory, which can lead to resource exhaustion over time.
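The failure path described above, as an added userspace model in C (not the kernel's code and not the referenced patch). All names are hypothetical, the device name and the forced failure are constructed, and the model assumes the name is freed only when the last reference is dropped.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model, hypothetical names: the name is freed only by the
 * release step that runs when the last reference is dropped. */
struct model_dev { int refcount; char *name; };
static int live_allocs;        /* outstanding heap objects */
static char *stranded_name;    /* demo bookkeeping: name nothing will free */

static void *counted_alloc(size_t n)
{
    void *p = calloc(1, n);
    if (p) live_allocs++;
    return p;
}
static void counted_free(void *p) { if (p) { free(p); live_allocs--; } }

/* Drop one reference; at zero, release the name and the structure. */
static void model_put(struct model_dev *d)
{
    if (--d->refcount == 0) { counted_free(d->name); counted_free(d); }
}

/* Models registration: takes the initial reference, sets the name, then
 * fails when asked to (constructed failure). */
static int model_register(struct model_dev *d, const char *name, int fail)
{
    d->refcount = 1;
    d->name = counted_alloc(strlen(name) + 1);
    if (!d->name) return -1;
    strcpy(d->name, name);
    return fail ? -1 : 0;
}

/* Returns how many objects one failed registration leaves allocated. */
int failed_register_leak(int use_put)
{
    int before = live_allocs;
    struct model_dev *d = counted_alloc(sizeof(*d));
    if (!d) return -1;
    if (model_register(d, "netdevsim0", 1) != 0) {   /* constructed name */
        if (use_put) model_put(d);                   /* reference dropped */
        else { stranded_name = d->name; counted_free(d); } /* name leaks */
    }
    return live_allocs - before;
}
int main(void) { printf("%d %d\n", failed_register_leak(0), failed_register_leak(1)); return 0; }
```

Freeing only the structure strands the name allocation, while dropping the remaining reference releases both.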

Impact

Exploitation of this vulnerability causes a memory leak, where allocated memory is not properly released, potentially leading to increased memory usage and exhaustion of system resources.

Reproduction

The vulnerability can be reproduced by attempting to register a device using the 'nsim_bus_dev_new()' function and forcing the registration to fail. This failure will leave the device name in an unreferenced state, creating a memory leak.

Remediation

Users can address this vulnerability by applying the patch available in the Linux kernel stable tree. The patch is included in commit 'cf2010aa1c739bab067cbc90b690d28eaa0b47da'.

Added: Dec 24, 2025, 4:49 PM
Updated: Dec 24, 2025, 4:49 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.