Linux Kernel Kvaser USB URB Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Kvaser USB CAN interface of the Linux kernel. The issue is in the 'kvaser_usb_read_bulk_callback()' function, where USB request blocks (URBs) are processed and resubmitted. The USB framework unanchors the URBs before they are fully processed, so they are not released properly. As a result, the URBs remain allocated and cause a memory leak. This vulnerability affects the Linux kernel stable tree.
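
The lifecycle described above, as a user-space model in C (an added example, not the kernel driver's code or the upstream patch). `struct urb_model` and all function names are hypothetical; the model assumes the receive URBs are anchored when first submitted, that teardown releases only URBs still on the anchor, and that re-anchoring in the callback before resubmission is the remedy.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model of URB anchoring; hypothetical names, not kernel code. */
#define NUM_RX_URBS 4

struct urb_model { bool anchored; bool freed; };

/* Core unanchors the URB, then the completion callback processes and resubmits. */
static void complete_and_resubmit(struct urb_model *u, bool reanchor)
{
    u->anchored = false;        /* done by the core before the callback runs */
    if (reanchor)
        u->anchored = true;     /* models usb_anchor_urb() before resubmit */
}

/* Teardown in the style of usb_kill_anchored_urbs(): only anchored URBs are released. */
static void kill_anchored(struct urb_model *urbs, int n)
{
    for (int i = 0; i < n; i++)
        if (urbs[i].anchored) {
            urbs[i].anchored = false;
            urbs[i].freed = true;
        }
}

/* Setup, then `completions` receive completions, then teardown; returns leaked URBs. */
int leaked_after_teardown(int completions, bool reanchor)
{
    struct urb_model urbs[NUM_RX_URBS];
    int leaked = 0;

    for (int i = 0; i < NUM_RX_URBS; i++)   /* assumed: anchored at first submit */
        urbs[i] = (struct urb_model){ .anchored = true, .freed = false };
    for (int c = 0; c < completions; c++)
        complete_and_resubmit(&urbs[c % NUM_RX_URBS], reanchor);
    kill_anchored(urbs, NUM_RX_URBS);
    for (int i = 0; i < NUM_RX_URBS; i++)
        leaked += !urbs[i].freed;
    return leaked;
}

int main(void)
{
    printf("no re-anchor: %d leaked\n", leaked_after_teardown(10, false));
    printf("re-anchor:    %d leaked\n", leaked_after_teardown(10, true));
    return 0;
}
```

Every URB that has completed at least once is missed by teardown in the first case, which is why the leak appears only after the device has carried receive traffic.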

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated resources are not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by using a Kvaser CAN/USB device with a Linux kernel version that includes the vulnerable Kvaser USB driver. When the device is used for CAN communication, the URBs for USB-in transfers are allocated and submitted without proper anchoring. The 'kvaser_usb_read_bulk_callback()' function will then process these URBs, but due to the unanchoring issue, they will not be released correctly, causing a memory leak.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The patch is available in the Linux kernel stable tree.

Added: Feb 4, 2026, 6:25 PM
Updated: Feb 4, 2026, 6:25 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 2.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.