Linux Kernel UML Vector Driver Memory Leak Vulnerability

A memory leak vulnerability has been identified in the User Mode Linux (UML) vector network driver of the Linux kernel. This issue arises in the 'vector_config' function, where the 'uml_parse_vector_ifspec' function can return NULL. If this occurs, the 'params' variable is not properly freed, leading to a memory leak. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a memory leak, causing increased memory usage over time, which can degrade system performance.

Reproduction

The vulnerability can be reproduced by loading the User Mode Linux vector network driver and configuring it with a specification that causes the 'uml_parse_vector_ifspec' function to return NULL. This will trigger the memory leak by failing to free the 'params' variable, which is allocated memory that is not released when the function exits.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.