Linux Kernel RTL8150 USB Driver Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's RTL8150 USB driver. When the function 'usb_submit_urb()' fails, the allocated 'async_req' structure and the URB (USB Request Block) are not properly freed. This oversight leads to a memory leak, as the completion callback 'async_set_reg_cb()', which is supposed to handle these deallocations, is only invoked after the URB is successfully submitted and has completed, whether successfully or with an error. To address this issue, the driver has been modified to free both the URB and the request structure in the error handling path when 'usb_submit_urb()' fails.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by triggering a failure in the 'usb_submit_urb()' function within the 'async_set_registers()' routine of the RTL8150 USB driver. This can be done by simulating a condition where the URB submission fails, such as disconnecting the USB device or causing a timeout, which would prevent the URB from being submitted successfully. Once the failure occurs, the 'async_req' structure and the URB will remain allocated and unfreed, causing a memory leak.

Remediation

The vulnerability has been fixed in the Linux kernel stable tree. Users can upgrade to the latest version of the kernel to apply this fix.