Linux Kernel ath12k Wi-Fi Driver Memory Leak Vulnerability

Vulnerability

A memory leak has been identified in the Linux kernel's ath12k Wi-Fi driver, in the 'ath12k_service_ready_ext_event' function. The function does not free 'svc_rdy_ext.mac_phy_caps' when it fails, so the allocation is leaked. 'kmemleak' reports it as an unreferenced object of 1024 bytes. The problem has been observed on QCN9274 hardware version 2.0 running the PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1 firmware.

Impact

The leaked memory is never released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

To reproduce this vulnerability, the ath12k Wi-Fi driver must be used on a device with the QCN9274 hardware version 2.0 and the specified firmware. When 'ath12k_service_ready_ext_event' is called and fails, 'svc_rdy_ext.mac_phy_caps' is not freed, which leaks the memory. This can be verified in the 'kmemleak' output, which lists the unreferenced object.

Remediation

The vulnerability has been addressed by modifying the 'ath12k_service_ready_ext_event' function to ensure that 'svc_rdy_ext.mac_phy_caps' is freed in the event of a failure. Users should update to the latest version of the Linux kernel where this fix has been applied.
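The failure-path leak and its fix can be modelled in user space. The following is an added example, not the kernel's code or the upstream patch: every name except 'mac_phy_caps' is hypothetical, and an allocation counter stands in for 'kmemleak'.

```c
/* User-space model, not kernel code; names other than mac_phy_caps are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

static int live_allocs; /* outstanding buffers; stands in for kmemleak tracking */
static void *model_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void model_free(void *p) { if (p) live_allocs--; free(p); }
struct svc_rdy_ext_model { void *mac_phy_caps; };

/* Constructed parse step: allocates the caps buffer, then optionally fails. */
static int parse_step(struct svc_rdy_ext_model *ext, int fail_later)
{
    ext->mac_phy_caps = model_alloc(1024);
    if (!ext->mac_phy_caps)
        return -ENOMEM;
    return fail_later ? -EINVAL : 0;
}

/* Before: the failure return skips the free, so the buffer is orphaned. */
static int event_leaky(int fail_later)
{
    struct svc_rdy_ext_model ext = { 0 };
    int ret = parse_step(&ext, fail_later);
    if (ret)
        return ret;
    model_free(ext.mac_phy_caps);
    return 0;
}

/* After: success and failure share one exit that frees the buffer. */
static int event_fixed(int fail_later)
{
    struct svc_rdy_ext_model ext = { 0 };
    int ret = parse_step(&ext, fail_later);
    model_free(ext.mac_phy_caps); /* NULL-safe, like kfree() */
    return ret;
}

/* Net number of buffers left allocated by one call to fn. */
static int leaked_after(int (*fn)(int), int fail_later)
{
    int before = live_allocs;
    fn(fail_later);
    return live_allocs - before;
}
int main(void)
{
    printf("leaky: %d, fixed: %d\n", leaked_after(event_leaky, 1), leaked_after(event_fixed, 1));
    return 0;
}
```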

Added: Sep 24, 2025, 11:17 AM
Updated: Sep 24, 2025, 9:56 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.