Linux Kernel mt76: mt7615 Memory Leak Vulnerability in mcu_wtbl_sta_add Function

A memory leak vulnerability has been identified in the Linux kernel's mt76 wireless driver, specifically within the mt7615 module. The issue arises in the mt7615_mcu_wtbl_sta_add() function, where an skb (socket buffer) is allocated. If the subsequent call to mt76_connac_mcu_alloc_wtbl_req() fails, the function returns an error without freeing the allocated skb, leading to a memory leak. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by calling the mt7615_mcu_wtbl_sta_add() function with parameters that trigger a failure in the mt76_connac_mcu_alloc_wtbl_req() call. This will result in the allocated skb not being freed, causing a memory leak.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.