Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's NFC LLCP (Logical Link Control Protocol) implementation. This issue arises in the 'nfc_llcp_send_ui_frame()' function, where the lack of synchronization between sending UI frames and cleaning up local resources can lead to unreferenced objects and memory leaks. The problem was reported by syzbot, which indicated that the UI frame sending routine failed to allocate the necessary buffer due to a socket error. This error occurs when the associated NFC local structure is destroyed, but the cleanup process does not properly synchronize with ongoing operations, allowing memory to be allocated and then leaked instead of being used or freed appropriately.
Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, causing increased memory usage and potential degradation of system performance over time.
The vulnerability can be reproduced by creating an NFC LLCP socket and sending UI frames while simultaneously triggering the cleanup process for the associated NFC local structure. This can be done by using the 'nfc_llcp_send_ui_frame()' function to send data, while the 'local_cleanup()' function is called to remove the NFC local structure, without proper synchronization between the two operations.
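The unsynchronized interleaving described above can be modelled deterministically in userspace. This is an added example, not code from the kernel or from the fix. The structure, queue and function names are hypothetical, and the model assumes the leaked allocation is a frame that is queued after cleanup has already purged the queue. The hardened branch shows one way to close the window, by re-checking liveness at enqueue time.

```c
/* Userspace model (constructed) of the send-vs-cleanup race; names are
 * hypothetical and this is not the kernel's code. */
#include <stdbool.h>
#include <stdlib.h>

struct frame { struct frame *next; };
struct local {
    struct frame *tx_queue; /* frames queued for transmission */
    bool dead;              /* set once cleanup has run */
    int live_frames;        /* allocated and not yet freed */
};

static void frame_free(struct local *l, struct frame *f) { free(f); l->live_frames--; }

/* Cleanup: mark the local dead and purge whatever is queued right now. */
static void local_cleanup_model(struct local *l) {
    l->dead = true;
    while (l->tx_queue) {
        struct frame *f = l->tx_queue;
        l->tx_queue = f->next;
        frame_free(l, f);
    }
}

/* Sender, split where cleanup can interleave (race == true).
 * Unhardened: liveness is checked only before allocation.
 * Hardened: liveness is re-checked at enqueue time (in real code under the
 * lock cleanup also takes) and the frame is freed if the local is gone. */
static int send_ui_frame_model(struct local *l, bool race, bool hardened) {
    if (l->dead) return -1;
    struct frame *f = calloc(1, sizeof(*f));
    if (!f) return -1;
    l->live_frames++;
    if (race) local_cleanup_model(l);            /* cleanup wins the window */
    if (hardened && l->dead) { frame_free(l, f); return -1; }
    f->next = l->tx_queue;
    l->tx_queue = f;                             /* queued after the purge */
    return 0;
}

/* Frames still allocated once both send and cleanup have finished. */
static int leaked_after(bool race, bool hardened) {
    struct local l = {0};
    send_ui_frame_model(&l, race, hardened);
    if (!race) local_cleanup_model(&l);          /* ordered case: send, then cleanup */
    int leaked = l.live_frames;
    while (l.tx_queue) { struct frame *f = l.tx_queue; l.tx_queue = f->next; free(f); } /* tidy the demo */
    return leaked;
}
int main(void) { return (leaked_after(true, false) == 1 && leaked_after(true, true) == 0) ? 0 : 1; }
```

In the unhardened racy case one frame stays allocated with nothing left to purge it, which is the kind of unreferenced object a leak detector reports.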
Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version can be found in the Linux kernel documentation.