Linux Kernel Driver Core Memory Leak Vulnerability in ACPI Physical Location Handling

A memory leak vulnerability has been identified in the Linux kernel's driver core, specifically in the management of ACPI physical location information. The issue arises because the allocated ACPI panel location data is not properly freed before the function returns an error, leading to a memory leak. This vulnerability affects the stable versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by adding a physical location to a device without properly handling allocation failures. When the allocation for the physical location data fails, the function should return an error, but the allocated memory for the ACPI panel location is not freed, causing a memory leak.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version of the stable Linux kernel to address this issue.