Linux Kernel DMA Engine Memory Leak Vulnerability in QCOM GPI Driver

A memory leak vulnerability has been identified in the Linux kernel's DMA engine, specifically within the Qualcomm GPI driver. The issue arises in the 'gpi_peripheral_config()' function, where the original memory referenced by 'gchan->config' can be lost if 'krealloc()' fails. This occurs because the function directly assigns NULL to 'gchan->config', causing the original memory to become unreachable and unable to be freed. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly freed, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by configuring a DMA channel with a peripheral size that exceeds the currently allocated memory. If the 'krealloc()' function fails and returns NULL, the 'gchan->config' variable will be set to NULL, losing the reference to the originally allocated memory. This causes the memory to become unreachable and unable to be freed, leading to a memory leak.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. The official Linux kernel Git repository contains the patched version.