Linux Kernel URB Memory Leak Vulnerability in esd_usb Driver

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's esd_usb driver for USB CAN devices. This issue arises because the driver fails to properly release USB Request Blocks (URBs) after they have been processed. When URBs are completed, they are unanchored from the device's submission queue, but the driver does not account for this change, leading to a memory leak. The vulnerability affects the stable versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated resources are not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by using a version of the Linux kernel that includes the affected esd_usb driver. When the driver is loaded and USB-in transfers are initiated, the URBs will be allocated and submitted. However, once these URBs are completed, they will be unanchored and not released, creating a memory leak. This behavior can be observed by monitoring the system's memory usage while the driver is active.
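The lifecycle described above, as an added userspace model in C; it is not code from the kernel, the esd_usb driver or this advisory. It assumes that the completion handler resubmits each URB and that teardown releases only URBs still on the anchor, and every name in it is hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Userspace model with hypothetical names; not kernel or driver code. */
#define NUM_RX_URBS 4
struct model_urb { int refs; bool anchored; };
static int live_urbs; /* URB objects allocated and not yet freed */

static void urb_put(struct model_urb **u) {
    if (--(*u)->refs == 0) { free(*u); *u = NULL; live_urbs--; }
}
/* Membership of the anchor holds one reference. */
static void anchor(struct model_urb *u) { u->anchored = true; u->refs++; }
static void unanchor(struct model_urb *u) { if (u->anchored) { u->anchored = false; u->refs--; } }

/* open(): allocate, anchor and submit, then drop the allocation reference. */
static void model_open(struct model_urb **rx) {
    for (int i = 0; i < NUM_RX_URBS; i++) {
        rx[i] = calloc(1, sizeof(**rx));
        rx[i]->refs = 1; live_urbs++;
        anchor(rx[i]);
        rx[i]->refs++;   /* submit: in-flight reference */
        urb_put(&rx[i]); /* driver drops its own reference */
    }
}

/* Completion: the URB is unanchored first, then the handler resubmits it
 * (assumption); the in-flight reference carries over to the next transfer. */
static void model_complete(struct model_urb *u, bool reanchor) {
    unanchor(u);             /* happens before the handler runs */
    if (reanchor) anchor(u); /* handler accounts for the unanchoring */
}

/* close(): cancel and release only the URBs still on the anchor. */
static void model_close(struct model_urb **rx) {
    for (int i = 0; i < NUM_RX_URBS; i++) {
        if (!rx[i]->anchored) continue; /* invisible to teardown */
        unanchor(rx[i]);
        urb_put(&rx[i]); /* cancel: last reference dropped, URB freed */
    }
}

/* URBs still allocated after open, `completions` receive events and close. */
int leaked_after_cycle(int completions, bool reanchor) {
    struct model_urb *rx[NUM_RX_URBS];
    live_urbs = 0;
    model_open(rx);
    for (int i = 0; i < completions; i++) model_complete(rx[i % NUM_RX_URBS], reanchor);
    model_close(rx);
    int leaked = live_urbs;
    for (int i = 0; i < NUM_RX_URBS; i++) free(rx[i]); /* tidy up the model */
    return leaked;
}
```

In this model, every URB that has completed at least once survives `model_close()` when `reanchor` is false, so the loss per open/close cycle is bounded by the number of receive URBs.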

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the latest kernel version can be found on the official Linux kernel website.

Added: Feb 4, 2026, 6:09 PM
Updated: Feb 4, 2026, 6:09 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 2.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.