Linux Kernel iwlwifi Memory Leak Vulnerability in Debugfs

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's iwlwifi wireless driver. This issue arises when the fw_info file is read completely. The driver returns NULL to indicate that there is no more data, but fails to free the associated status tracking object, leading to a memory leak. This vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, causing increased memory usage that is not released back to the system.

Reproduction

The vulnerability can be reproduced by reading the fw_info file in its entirety through the debugfs interface of the iwlwifi driver. As the file is read, the driver will return NULL when no more data is available, but will not free the memory used to track the read status, causing a memory leak.
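The leak pattern described above, as an added example that is not code from the iwlwifi driver or from this advisory: a userspace C model that assumes a start/next/stop style read iterator whose cleanup step frees whatever pointer the iteration last returned. All function and type names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model only; all names are hypothetical, not the driver's. */
struct read_state { size_t pos; };  /* the "status tracking object" */
static int live_objects;            /* allocated and not yet freed */
static void *orphan;                /* demo bookkeeping: object lost by the leaky path */

static void *it_start(size_t n_items)
{
    struct read_state *st = n_items ? malloc(sizeof(*st)) : NULL;
    if (st) { st->pos = 0; live_objects++; }
    return st;
}

/* Advance; NULL means "no more data". fixed=0 models the leaky behaviour. */
static void *it_next(void *v, size_t n_items, int fixed)
{
    struct read_state *st = v;
    if (++st->pos < n_items)
        return st;
    if (fixed) { free(st); live_objects--; }  /* release before reporting the end */
    else orphan = st;                         /* caller loses its only pointer */
    return NULL;
}

/* Cleanup gets the last value the iteration returned: NULL after a full read. */
static void it_stop(void *v)
{
    if (v) { free(v); live_objects--; }
}

/* Read up to max_items records; returns how many objects this read leaked. */
static int read_file(size_t n_items, size_t max_items, int fixed)
{
    int before = live_objects;
    size_t seen = 0;
    void *v = it_start(n_items);
    while (v && ++seen < max_items)
        v = it_next(v, n_items, fixed);
    it_stop(v);
    return live_objects - before;
}

int main(void)
{
    printf("leaky, full read:    %d\n", read_file(4, 100, 0));
    printf("leaky, partial read: %d\n", read_file(4, 2, 0));
    printf("fixed, full read:    %d\n", read_file(4, 100, 1));
}
```

In this model only a read that runs to the end leaks, because a partial read still hands the live object to the cleanup step.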

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.

Added: Sep 18, 2025, 5:15 PM
Updated: Sep 18, 2025, 5:15 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.