Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's EMS USB CAN interface driver. The issue arises in the 'ems_usb_read_bulk_callback()' function: USB Request Blocks (URBs) for incoming USB transfers are not released when the 'ems_usb_close()' function is called. The USB framework unanchors the URB before the completion callback is executed, so the URB is no longer tracked on the anchor when the interface is closed and is left unfreed. The vulnerability affects the Linux kernel stable tree.
Because URBs that have been processed are never released, memory usage grows over time and system resources can eventually be exhausted.
The vulnerability can be reproduced by using the EMS USB CAN interface with the Linux kernel stable tree. When USB-in transfers are initiated, the URBs are allocated and submitted but are not released when the interface is closed, which leaks their memory.
The vulnerability has been fixed in the Linux kernel stable tree by updating the 'ems_usb_read_bulk_callback()' function to re-anchor the URB before it is processed, ensuring that it is properly released when the interface is closed.
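The bookkeeping described above can be followed in a small userspace model, added here as an illustration; it is not kernel or driver code. The `model_*` names, `NUM_URBS`, and the assumption that the callback resubmits each URB are constructed for this example.

```c
/* Userspace model of the anchor bookkeeping (constructed; not driver code). */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#define NUM_URBS 4   /* constructed value, not taken from the driver */
struct model_urb { bool allocated; bool anchored; };
static struct model_urb urbs[NUM_URBS];

/* Open path: allocate, anchor and submit every receive URB. */
static void model_open(void)
{
    for (size_t i = 0; i < NUM_URBS; i++)
        urbs[i] = (struct model_urb){ .allocated = true, .anchored = true };
}

/* One completed transfer; the callback resubmits the URB (model assumption). */
static void model_complete(struct model_urb *u, bool reanchor)
{
    u->anchored = false;      /* framework, before the completion callback */
    if (reanchor)
        u->anchored = true;   /* fixed callback: put it back on the anchor */
}

/* Close path: only URBs still on the anchor are found and released. */
static void model_close(void)
{
    for (size_t i = 0; i < NUM_URBS; i++)
        if (urbs[i].anchored)
            urbs[i] = (struct model_urb){ .allocated = false, .anchored = false };
}

/* Run open, `completions` transfers, close; return URBs still allocated. */
size_t leaked_after_session(size_t completions, bool reanchor)
{
    size_t leaked = 0;
    model_open();
    for (size_t n = 0; n < completions; n++)
        model_complete(&urbs[n % NUM_URBS], reanchor);
    model_close();
    for (size_t i = 0; i < NUM_URBS; i++)
        leaked += urbs[i].allocated;
    return leaked;
}

int main(void)
{
    printf("unfixed: %zu leaked\n", leaked_after_session(10, false));
    printf("fixed:   %zu leaked\n", leaked_after_session(10, true));
}
```

In the unfixed case, every URB that has completed at least one transfer is missed by the close path, so the number leaked per open/close cycle is bounded by the number of receive URBs.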