Linux Kernel SCSI SNIC Memory Leak Vulnerability Fix

A memory leak vulnerability in the SCSI SNIC driver of the Linux kernel has been addressed. The issue arose when the 'device_add()' function failed, as the allocated name was not properly freed. The vulnerability affects the Linux kernel stable tree, specifically within the SCSI SNIC driver for Cisco SCSI Host Bus Adapters. The root cause was a failure to release device references in the error handling path, leading to memory not being freed as intended. The vulnerability could potentially be exploited by causing 'device_add()' to fail, thereby creating a situation where memory is not released, which could be manipulated to exhaust system resources.

Impact

The vulnerability could lead to a memory leak, where allocated memory is not properly released, potentially causing a denial of service by exhausting system memory resources.

Reproduction

The vulnerability can be reproduced by triggering a failure in the 'device_add()' function within the SCSI SNIC driver. This can be done by simulating conditions that cause the function to return an error, such as adding a device that fails to initialize properly. When 'device_add()' fails, the driver does not free the name it allocated, leading to a memory leak.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. The patch can be downloaded from the Linux kernel Git repository.