Linux Kernel Memory Leak Vulnerability in Think-LMI Platform Driver

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's Think-LMI platform driver for x86 systems. This issue arises because the function 'tlmi_setting()' retrieves item strings that must be freed with 'kfree()'. However, in the 'current_value_show()' function, malformed item strings are not properly freed, leading to a memory leak. The vulnerability affects several versions of the Linux kernel.
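
The leak pattern described above, modeled in user space as an added example; this is not the kernel driver's code. 'get_item()' is a hypothetical stand-in for 'tlmi_setting()', the "name,value" string layout and the sample strings are assumptions, and 'live_items' counts buffers that were handed out but never freed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live_items;  /* buffers from get_item() not yet freed */
static char *last_item; /* lets leaked_after() reclaim a leaked buffer */

/* Hypothetical stand-in for tlmi_setting(): caller must free the result. */
static char *get_item(const char *raw)
{
	last_item = malloc(strlen(raw) + 1);
	if (last_item) live_items++;
	return last_item ? strcpy(last_item, raw) : NULL;
}
static void put_item(char *item) { free(item); live_items--; }

/* Leak pattern: the malformed-string exit skips the free. */
static int show_leaky(const char *raw, char *buf, size_t len)
{
	char *value, *item = get_item(raw);
	if (!item) return -ENOMEM;
	value = strchr(item, ','); /* assumed "name,value" layout */
	if (!value || !value[1])
		return -EINVAL; /* item is still allocated */
	int ret = snprintf(buf, len, "%s\n", value + 1);
	put_item(item);
	return ret;
}

/* Fixed pattern: a single exit frees item on both paths. */
static int show_fixed(const char *raw, char *buf, size_t len)
{
	char *value, *item = get_item(raw);
	if (!item) return -ENOMEM;
	value = strchr(item, ',');
	int ret = (value && value[1]) ? snprintf(buf, len, "%s\n", value + 1) : -EINVAL;
	put_item(item);
	return ret;
}

/* Buffers left allocated after one call on a constructed input string. */
static int leaked_after(int (*show)(const char *, char *, size_t), const char *raw)
{
	char buf[64];
	live_items = 0;
	show(raw, buf, sizeof(buf));
	if (live_items) free(last_item); /* reclaim so the demo stays clean */
	return live_items;
}
```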

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by using the Think-LMI platform driver on an affected version of the Linux kernel. When the 'current_value_show()' function is called, it processes item strings retrieved by 'tlmi_setting()'. If these strings are malformed, they will not be freed correctly, causing a memory leak. This behavior can be observed by monitoring memory usage before and after the function is executed.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit that addresses this issue is available in the Linux kernel stable tree.

Added: Dec 9, 2025, 4:29 PM
Updated: Dec 10, 2025, 12:38 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.