Linux Kernel VFIO-AP Device Driver Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the VFIO AP device driver of the Linux kernel. The device release callback calls 'dev_get_drvdata' to obtain the 'vfio_matrix_dev' object it is meant to free. However, the 'vfio_matrix_dev' object was never registered as driver data with the device, so the lookup does not return the object and the memory allocated for it is never released, leading to a leak. The vulnerability affects the stable versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly freed, potentially causing increased memory usage over time.

Reproduction

The vulnerability can be reproduced by using the VFIO AP device driver in the Linux kernel. When the matrix device is released, the device release callback is invoked. This callback attempts to retrieve the 'vfio_matrix_dev' object using 'dev_get_drvdata', but since the object was never stored as driver data the lookup returns NULL and nothing is freed, so the object leaks. The 'container_of' macro, which recovers the pointer to the enclosing 'vfio_matrix_dev' object from the embedded device pointer, is the correct approach and avoids the memory leak.
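The following user-space model, added here and not taken from the kernel or the driver, reproduces the two release patterns described above: the 'struct device', 'vfio_matrix_dev', 'dev_get_drvdata' and 'container_of' stand-ins are simplified assumptions, and 'live_objects' is a constructed counter that makes the leak observable.

```c
/* Added example (not kernel code): a user-space model of the release-callback bug.
 * Minimal stand-ins for the kernel types named in the advisory. */
#include <stddef.h>
#include <stdlib.h>

struct device { void *driver_data; };                 /* models dev->driver_data */
struct vfio_matrix_dev { int id; struct device device; };

/* Model of dev_get_drvdata(): returns what was registered, NULL if nothing was. */
static void *dev_get_drvdata(const struct device *dev) { return dev->driver_data; }

/* Recover the enclosing object from a pointer to one of its members. */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Constructed counter so the leak is observable without a memory checker. */
static int live_objects;

static struct vfio_matrix_dev *matrix_dev_alloc(void)
{
    struct vfio_matrix_dev *m = calloc(1, sizeof(*m));
    if (m) {
        live_objects++;
        m->device.driver_data = NULL;   /* drvdata is never registered, as in the bug */
    }
    return m;
}

/* Buggy release: drvdata was never set, so this frees NULL and the object survives. */
static void release_via_drvdata(struct device *dev)
{
    struct vfio_matrix_dev *m = dev_get_drvdata(dev);
    if (m)
        live_objects--;
    free(m);                            /* free(NULL) is a no-op, like kfree(NULL) */
}

/* Fixed release: walk back from the embedded device to the containing object. */
static void release_via_container_of(struct device *dev)
{
    struct vfio_matrix_dev *m = container_of(dev, struct vfio_matrix_dev, device);
    live_objects--;
    free(m);
}

/* Allocate one object, release it through the given callback, return objects left alive. */
static int leaked_after_release(void (*release)(struct device *))
{
    live_objects = 0;
    struct vfio_matrix_dev *m = matrix_dev_alloc();
    if (!m)
        return -1;
    release(&m->device);
    return live_objects;                /* 1 means leaked, 0 means freed */
}
```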

Remediation

Users should upgrade to the latest version of the Linux kernel, in which this vulnerability has been fixed. The commit that addresses this issue is available in the Linux kernel stable tree.

Added: Dec 8, 2025, 2:43 AM
Updated: Dec 8, 2025, 2:43 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.