Linux Kernel WiFi RTW89 Driver Memory Leak Vulnerability in Probe Request Handling

A memory leak vulnerability has been identified in the Linux kernel's WiFi RTW89 driver, specifically within the 'rtw89_append_probe_req_ie' function. This issue arises because the function fails to properly free a allocated memory before exiting, which can lead to a memory leak. The vulnerability has been addressed by modifying the code to free the memory before the function exits.

Impact

Exploitation of this vulnerability could lead to a memory leak, causing increased memory usage over time and potentially leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by triggering a hardware scan in the WiFi RTW89 driver, which will invoke the 'rtw89_append_probe_req_ie' function. The function will process probe request information but will fail to free a specific allocated memory buffer before exiting, causing a memory leak.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version can be found in the Linux kernel documentation.