Linux Kernel Memory Leak Vulnerability in xHCI Debug Capability Management

A memory leak vulnerability has been identified in the Linux kernel's handling of the xHCI debug capability (DbC) feature. When DbC is already in use, the function responsible for allocating memory for the xhci_dbc structure fails to free the previously allocated memory before returning NULL. This oversight creates a memory leak, as the unfreed memory remains allocated but inaccessible, potentially leading to increased memory usage and degradation of system performance over time.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, causing increased memory consumption and potential performance issues.

Reproduction

The vulnerability can be reproduced by using the xHCI debug capability feature in the Linux kernel. When DbC is active, the xhci_alloc_dbc function is called to allocate memory for the xhci_dbc structure. If DbC is already in use, the function returns NULL without freeing the previously allocated memory, creating a memory leak.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that fixes this issue is available in the Linux kernel stable tree.