Linux Kernel Memory Leak Vulnerability in USB Gadget Function EEM

A memory leak vulnerability has been identified in the Linux kernel's USB gadget function, specifically in the echo Ethernet emulation model (f_eem). The issue arises because the code fails to properly manage errors when queuing USB endpoint requests, which can lead to unfreed memory. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can cause a memory leak, where allocated memory is not properly released, potentially leading to increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by triggering a failure in the usb_ep_queue function within the eem_unwrap function of the f_eem USB gadget. This can be done by simulating a condition where the endpoint queue cannot accept a request, such as by overloading the USB endpoint or introducing an error condition that the function does not handle properly. The failure can be observed through kmemleak, which will report unreferenced objects that were allocated but not freed, indicating a memory leak.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. The patch improves error handling in the eem_unwrap function to ensure that all allocated resources are freed when usb_ep_queue fails.