Linux Kernel ath12k Driver Memory Leak Vulnerability in Extended Statistics Mode

A memory leak vulnerability has been identified in the ath12k driver of the Linux kernel, specifically when extended statistics mode is enabled. The issue arises because the driver allocates memory for the 'mon_mpdu' object without freeing it, leading to a memory leak. This allocation occurs while the driver subscribes to certain TLVs from the monitor destination ring, which are used to update per-packet statistics. The memory allocation for the 'mon_mpdu' object is only necessary in standalone monitor mode, creating a leak when extended statistics mode is active instead.

Impact

Exploitation of this vulnerability leads to a memory leak, which can cause increased memory usage and potentially degrade system performance over time.

Remediation

The vulnerability has been addressed by removing the unnecessary memory allocation for the 'mon_mpdu' object in the HAL_RX_MPDU_START TLV handling. Additionally, the standalone monitor mode handlings in the HAL_MON_BUF_ADDR and HAL_RX_MSDU_END TLVs have been removed, with a note that these will be properly handled when enabling standalone monitor mode in the future.