Linux Kernel Coresight Memory Leak Vulnerability in ACPI Buffer

A memory leak vulnerability has been identified in the Linux kernel's Coresight component, specifically within the ACPI buffer handling. The issue arises when the ACPI buffer memory is allocated but not properly freed, leading to unreferenced objects that can be detected by memory leak tracking tools. This vulnerability was introduced in a previous update that added support for ACPI bindings, and it can be reproduced by evaluating ACPI objects without releasing the allocated memory, causing a gradual increase in memory usage over time.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by using the Coresight component of the Linux kernel to evaluate ACPI objects. This can be done through the 'acpi_evaluate_object_typed' function, which allocates memory for the ACPI buffer but does not free it before the function returns. As a result, the allocated memory remains unreferenced and is reported as a leak by 'kmemleak'.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.