Linux Kernel SCSI QLA2XXX Memory Leak Vulnerability in qla2x00_probe_one()

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's SCSI QLA2XXX driver, specifically within the qla2x00_probe_one() function. This leak occurs when the adapter initialization fails, leaving allocated memory unfreed. The issue was reported by kmemleak, which detected an unreferenced object, indicating the presence of a memory leak. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by loading the QLA2XXX SCSI driver module using 'modprobe'. If the adapter initialization fails, the qla2x00_probe_one() function will not release the allocated memory for the port information, leading to a memory leak. This unfreed memory can be detected by kmemleak, which will report the unreferenced object as a memory leak.
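To check a kmemleak report for this specific leak, the following added example (not part of the original advisory or of the kernel source) parses the report text and keeps only the unreferenced objects whose allocation backtrace passes through qla2x00_probe_one(). The sample report is constructed, and the function names parse_kmemleak and leaks_through are this example's own.

```python
import re

# Constructed sample in the layout of /sys/kernel/debug/kmemleak output;
# addresses, sizes, PIDs, offsets and "other_driver" are made up for illustration.
SAMPLE_REPORT = """\
unreferenced object 0xffff888101a2c000 (size 4096):
  comm "modprobe", pid 412, jiffies 4294901234 (age 31.250s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000a1b2c3d4>] __kmalloc+0x4e/0x90
    [<00000000b2c3d4e5>] qla2x00_probe_one+0x1a2/0x3c40 [qla2xxx]
unreferenced object 0xffff888102b3d800 (size 64):
  comm "systemd-udevd", pid 201, jiffies 4294899000 (age 40.100s)
  backtrace (crc 5f3a9c1e):
    kmalloc_trace+0x26/0x90
    other_driver_probe+0x58/0x200 [other_driver]
"""

HEADER = re.compile(r"^unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
COMM = re.compile(r'^\s+comm "([^"]*)", pid (\d+)')
# Frame lines appear with or without a leading [<address>], depending on kernel version.
FRAME = re.compile(r"^\s+(?:\[<[0-9a-f]+>\]\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_kmemleak(text):
    """Split a kmemleak report into records: addr, size, comm, pid, frames."""
    records, cur, in_bt = [], None, False
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"addr": m.group(1), "size": int(m.group(2)), "comm": None, "pid": None, "frames": []}
            records.append(cur)
            in_bt = False
        elif cur is None:
            continue  # ignore anything before the first record header
        elif (m := COMM.match(line)):
            cur["comm"], cur["pid"] = m.group(1), int(m.group(2))
        elif line.strip().startswith("backtrace"):
            in_bt = True
        elif in_bt and (m := FRAME.match(line)):
            cur["frames"].append(m.group(1))
    return records

def leaks_through(text, symbol="qla2x00_probe_one"):
    """Return the leaked objects whose allocation backtrace contains symbol."""
    return [r for r in parse_kmemleak(text) if symbol in r["frames"]]

if __name__ == "__main__":
    print(leaks_through(SAMPLE_REPORT))
```

On a kernel built with CONFIG_DEBUG_KMEMLEAK, the real input is the content of /sys/kernel/debug/kmemleak, read after writing "scan" to that file.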

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version of the stable Linux kernel to apply the fix.

Added: Oct 22, 2025, 3:07 PM
Updated: Oct 22, 2025, 3:07 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.8
remediation: 7.7
relevance: 0.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.