Linux Kernel Memory Leak Vulnerability in Media Iris Component

A memory leak vulnerability has been identified in the Linux kernel's media iris component. This issue arises because an internal buffer, allocated once per session, was not properly freed during session closure. The buffer was not tracked as part of the internal buffer list, leading to the memory leak. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by allocating a persistent internal buffer in the media iris component, then closing the session without freeing the buffer. This can be done by modifying the session close logic to exclude the untracked buffer from the internal buffer list, thereby creating a memory leak.

Remediation

The vulnerability has been addressed by adding logic to explicitly free the untracked internal buffer during session close. Users can apply the latest patches available in the Linux kernel stable tree to mitigate this vulnerability.