Linux Kernel gs_usb Component URB Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's gs_usb component, specifically within the USB CAN driver. This issue arises because the USB framework unanchors USB Request Blocks (URBs) before their completion callbacks are executed. As a result, once an inbound URB is processed, it is no longer anchored and fails to be released properly, leading to a memory leak. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated resources are not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by using the gs_usb component of the Linux kernel's CAN subsystem. When USB-in transfers are initiated, the URBs are allocated and submitted, but they do not stay properly anchored: after a URB has been processed in the completion callback it is untracked and is not freed correctly.

Remediation

The vulnerability has been addressed by modifying the gs_usb_receive_bulk_callback() function to re-anchor the URB to the parent->rx_submitted anchor before submitting it. Users should apply the latest patches available in the Linux kernel stable tree to mitigate this issue.
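
The lifecycle described above, as a user-space C model added here for illustration; it is not the kernel driver's code or the upstream patch. The pool size, the struct and all function names are assumptions of the model, and "leaked" means a URB that teardown no longer finds on the anchor.

```c
/* User-space model of the URB anchor lifecycle; constructed for illustration. */
#include <stdbool.h>
#include <stdio.h>

#define NUM_RX_URBS 3   /* assumed number of USB-in URBs in the model */

struct model_urb { bool anchored; };

/* Open: every USB-in URB is allocated, anchored and submitted. */
static void model_open(struct model_urb *pool) {
    for (int i = 0; i < NUM_RX_URBS; i++)
        pool[i].anchored = true;
}

/* One completed transfer. The framework takes the URB off its anchor
 * before the completion callback runs; the callback then resubmits it. */
static void model_complete(struct model_urb *urb, bool reanchor) {
    urb->anchored = false;      /* done by the USB framework */
    if (reanchor)
        urb->anchored = true;   /* the fix: anchor again before resubmitting */
}

/* Close: only URBs still on the anchor are found and released.
 * Returns how many URBs were missed, i.e. leaked. */
static int model_close(const struct model_urb *pool) {
    int leaked = 0;
    for (int i = 0; i < NUM_RX_URBS; i++)
        if (!pool[i].anchored)
            leaked++;
    return leaked;
}

/* Run one open/receive/close cycle with `completions` inbound transfers. */
int leaked_after_session(int completions, bool reanchor) {
    struct model_urb pool[NUM_RX_URBS];
    model_open(pool);
    for (int i = 0; i < completions; i++)
        model_complete(&pool[i % NUM_RX_URBS], reanchor);
    return model_close(pool);
}

int main(void) {
    printf("without re-anchor: %d leaked\n", leaked_after_session(10, false));
    printf("with re-anchor:    %d leaked\n", leaked_after_session(10, true));
    return 0;
}
```

In the model, a URB that has completed at least once is missed at close unless the callback re-anchors it, so an interface that never received traffic leaks nothing while a busy one leaks its whole receive pool.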

Added: Jan 31, 2026, 12:23 PM
Updated: Jan 31, 2026, 12:23 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.4
remediation: 7.7
relevance: 2.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.