Linux Kernel ath9k HIF USB Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's ath9k wireless driver, specifically within the USB host interface. The issue arises in the function ath9k_hif_usb_rx_stream(), where received socket buffers (skbs) are not properly freed if the function encounters an error. This can lead to a buildup of unreferenced memory, as invalid packets are dropped without releasing the associated resources. The vulnerability was discovered by the Linux Verification Center using Syzkaller, a fuzzing tool that tests for memory management issues.

Impact

The vulnerability causes a memory leak, where allocated socket buffers are not released, potentially leading to increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by sending USB packets to a device using the ath9k wireless driver. If the packets contain invalid lengths or tags, the driver will drop the packets but fail to free the associated socket buffers. This can be automated with a fuzzer like Syzkaller, which is designed to find such memory management bugs.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. The patch is available in the official Linux Git repository.