Linux Kernel ath9k Wireless Driver Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's ath9k wireless driver, specifically within the USB host interface. The issue arises in the 'ath9k_hif_usb_rx_stream' function, where a variable 'remain_skb' is allocated but not properly freed if the associated USB request blocks (URBs) are deallocated before the next processing call. This can occur during device deinitialization or suspension, leading to a memory leak. The vulnerability was triggered by the Linux Verification Center's Syzkaller tool.

Impact

Exploitation of this vulnerability can lead to a memory leak, causing increased memory usage and potential degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by using a device that employs the ath9k wireless driver with the USB host interface. During normal operation, the driver allocates a 'remain_skb' variable to manage incoming data. If the USB request blocks are deallocated before the driver has a chance to process and free this variable, a memory leak occurs. This scenario can be simulated by manually suspending or deinitializing the device before the driver completes its data processing, which will cause the 'remain_skb' variable to be allocated but not freed, leading to a memory leak.
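
The lifetime problem described above, shown as an added user-space example. It is a simplified model, not the ath9k driver's code and not the upstream fix. The names rx_stream, teardown, leaked_after, PKT_LEN and live_allocs are hypothetical, and the chunk contents are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PKT_LEN 8   /* constructed fixed packet size for this model */
struct rx_state { unsigned char *remain; size_t have; };  /* partial packet kept between calls */
static int live_allocs;   /* outstanding held buffers, stands in for a leak detector */
/* Hypothetical model of a stream RX handler: returns completed packets, -1 if malloc fails. */
static int rx_stream(struct rx_state *st, const unsigned char *chunk, size_t n)
{
    size_t off = 0;
    int done = 0;
    if (st->remain) {                        /* finish the packet held from the previous call */
        size_t need = PKT_LEN - st->have;
        off = n < need ? n : need;
        memcpy(st->remain + st->have, chunk, off);
        st->have += off;
        if (st->have < PKT_LEN) return 0;    /* still partial, keep holding it */
        free(st->remain); st->remain = NULL; live_allocs--; done++;
    }
    for (; n - off >= PKT_LEN; off += PKT_LEN) done++;   /* whole packets need no state */
    if (off < n) {                           /* incomplete tail: hold it until the next call */
        if (!(st->remain = malloc(PKT_LEN))) return -1;
        live_allocs++;
        st->have = n - off;
        memcpy(st->remain, chunk + off, st->have);
    }
    return done;
}

/* Teardown; free_remain == 0 models the behaviour described above (held packet forgotten). */
static void teardown(struct rx_state *st, int free_remain)
{
    if (free_remain && st->remain) { free(st->remain); st->remain = NULL; live_allocs--; }
}

/* One chunk ending mid-packet, then teardown before the next call; returns buffers still held. */
static int leaked_after(int free_remain)
{
    struct rx_state st = {0};
    unsigned char chunk[12] = {0};           /* constructed: one whole packet plus a 4-byte tail */
    live_allocs = 0;
    rx_stream(&st, chunk, sizeof chunk);
    teardown(&st, free_remain);
    int leaked = live_allocs;
    free(st.remain);                         /* release it anyway so the demo itself stays clean */
    return leaked;
}
int main(void) { printf("leaky=%d fixed=%d\n", leaked_after(0), leaked_after(1)); return 0; }
```

The held buffer is only released by the next receive call, so any teardown path that can run between two calls has to release it itself.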

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux documentation.

Added: Oct 7, 2025, 5:38 PM
Updated: Oct 7, 2025, 5:38 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.0
exploitability: 5.7
remediation: 7.7
relevance: 0.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.