Linux Kernel DLN2 Driver Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's DLN2 driver. When the function 'dln2_setup_rx_urbs()' fails during the 'dln2_probe()' process, the error handling routine does not properly release a reference to the USB device, leading to a memory leak. This issue has been addressed by adding the necessary reference release in the error handling code.

Impact

Exploitation of this vulnerability leads to a memory leak, which can cause increased memory usage and potentially degrade system performance over time.

Reproduction

The vulnerability can be reproduced by causing the 'dln2_setup_rx_urbs()' function to fail during the 'dln2_probe()' process. This failure can be simulated in a development environment by modifying the 'dln2_setup_rx_urbs()' function to return an error, while ensuring that the error handling code does not include the 'usb_put_dev()' call to release the USB device reference. After applying this modification, probing the DLN2 device will result in the memory leak.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the Linux kernel can be found in the official Linux documentation or through the package management system of the Linux distribution in use.