Linux Kernel Pegasus USB Driver Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's USB Pegasus driver. This issue arises in the 'update_eth_regs_async' function, where asynchronous writes to device registers may fail. If the 'usb_submit_urb' function fails, the driver does not properly release the resources that were allocated, leading to a memory leak. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated resources are not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by asynchronously writing to the device registers of a USB device using the Pegasus driver. If the 'usb_submit_urb' function fails during this process, the driver will fail to release the allocated resources, causing a memory leak. This can be observed by monitoring the system's memory usage, which will increase without being properly cleared.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.