Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak has been identified in the adapter scanning function of the Linux kernel's IPMI SSIF (SMBus System Interface) driver. The function ssif_info_find() assigns the adapter name based on information from SMBIOS (System Management BIOS), but it can be called more than once, and it overwrites a name that has already been set without checking for it, so the earlier name leaks. The vulnerability affects the Linux kernel stable tree.
The impact is a memory leak: the memory holding the previously assigned adapter name is never released, potentially causing increased memory usage over time.
The vulnerability can be reproduced by calling the ssif_info_find() function multiple times for the same adapter. The function will leak the adapter name if it has already been set, as it does not check for existing values before assigning a new one.
The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version to apply the fix.
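The leak pattern described above, as an added user-space model that is not the kernel's code or the upstream patch: the struct, function names and the sample adapter string are hypothetical, and a counter of outstanding allocations makes the leak observable next to the variant that checks for an existing name.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-space model only; names are hypothetical, not taken from the kernel. */
struct addr_info { char *adapter_name; };  /* owned heap string, NULL until set */
static int live_allocs;                    /* outstanding name allocations */

static char *dup_name(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) { memcpy(p, s, n); live_allocs++; }
    return p;
}

/* Leaky pattern: overwrites the pointer even when a name is already set. */
static int scan_leaky(struct addr_info *info, const char *smbios_name)
{
    info->adapter_name = dup_name(smbios_name);
    return info->adapter_name ? 0 : -1;
}

/* Checked pattern: allocate only when no name has been assigned yet. */
static int scan_checked(struct addr_info *info, const char *smbios_name)
{
    if (!info->adapter_name)
        info->adapter_name = dup_name(smbios_name);
    return info->adapter_name ? 0 : -1;
}

/* Scan the same adapter `scans` times, tear down once, report what is still allocated. */
static int leaked_after(int (*scan)(struct addr_info *, const char *), int scans)
{
    struct addr_info info = { NULL };
    live_allocs = 0;
    for (int i = 0; i < scans; i++)
        scan(&info, "constructed-smbios-adapter");  /* constructed sample name */
    if (info.adapter_name) { free(info.adapter_name); live_allocs--; }
    return live_allocs;
}

int main(void)
{
    printf("leaky, 5 scans:   %d name(s) leaked\n", leaked_after(scan_leaky, 5));
    printf("checked, 5 scans: %d name(s) leaked\n", leaked_after(scan_checked, 5));
    return 0;
}
```

Each repeated scan in the leaky variant strands one allocation, so the loss grows with the number of rescans rather than staying constant.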