Linux Kernel mwifiex Driver Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's mwifiex wireless driver. This issue arises in the 'mwifiex_histogram_read()' function, where a zeroed page is not properly freed before the function returns. The vulnerability affects the Linux kernel stable tree, specifically in the Marvell mwifiex component.

Impact

The vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and exhaustion over time.

Reproduction

The vulnerability can be reproduced by invoking the 'mwifiex_histogram_read()' function in the context of the mwifiex wireless driver. The function will attempt to read histogram data, but if the private data structure is not properly initialized or if there is no histogram data available, it will return an error without freeing the allocated memory. This behavior can be triggered under normal operation of the driver, where the histogram data is not populated, leading to a memory leak.
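The leak pattern described above, reduced to a userspace C model. This is an added example, not the kernel's code: the pool allocator, struct priv, and the read_leaky and read_fixed functions are hypothetical stand-ins. It shows the early error return stranding the page until the pool is exhausted, next to a version that releases the page on every path.

```c
/* Userspace model of the leak; every name here is hypothetical, not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SZ 4096
#define NPAGES  4                        /* tiny pool so exhaustion is visible */
static char pool[NPAGES][PAGE_SZ];
static int  live;                        /* pages currently allocated */

/* LIFO bump allocator standing in for a zeroed-page allocation. */
static char *page_alloc(void)
{
    return live == NPAGES ? NULL : memset(pool[live++], 0, PAGE_SZ);
}
static void page_free(char *p) { (void)p; live--; }

struct priv { const int *hist_data; };   /* NULL means no histogram data */

/* Leaky shape: the error path returns after the allocation without freeing. */
static long read_leaky(const struct priv *priv)
{
    char *page = page_alloc();
    if (!page) return -ENOMEM;
    if (!priv || !priv->hist_data) return -EFAULT;   /* page is lost here */
    long len = snprintf(page, PAGE_SZ, "samples=%d\n", *priv->hist_data);
    page_free(page);
    return len;
}

/* Fixed shape: every path after the allocation leaves through one cleanup label. */
static long read_fixed(const struct priv *priv)
{
    long ret = -EFAULT;
    char *page = page_alloc();
    if (!page) return -ENOMEM;
    if (!priv || !priv->hist_data) goto out;
    ret = snprintf(page, PAGE_SZ, "samples=%d\n", *priv->hist_data);
out:
    page_free(page);
    return ret;
}

int main(void)
{
    struct priv empty = { NULL };        /* constructed input: no histogram */
    for (int i = 0; i < NPAGES; i++) read_leaky(&empty);
    printf("after %d failed reads: live=%d, next read returns %ld\n",
           NPAGES, live, read_leaky(&empty));
    return 0;
}
```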

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. The patches can be downloaded from the Linux kernel Git repository.

Added: Dec 9, 2025, 1:34 AM
Updated: Dec 9, 2025, 1:34 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.