Linux Kernel Toshiba HDD Active Protection Sensor Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's handling of Toshiba HDD Active Protection Sensor devices. The issue arises in the 'toshiba_haps_add' function, which fails to free an allocated object if an error occurs after the allocation. Similarly, the 'toshiba_haps_remove' function does not properly release the object it points to before clearing the pointer, leading to unreachable memory. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can lead to memory leaks, causing increased memory usage and potential degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by adding a Toshiba HDD Active Protection Sensor device, which will trigger the memory leak in the 'toshiba_haps_add' function. Removing the device will also demonstrate the issue, as the 'toshiba_haps_remove' function fails to free the associated object, leaving allocated memory unreachable.

Remediation

The vulnerability has been addressed by modifying the memory allocation method to use 'devm_kzalloc', which automatically manages the memory and prevents leaks. Users should apply the latest patches available in the Linux kernel stable tree to mitigate this issue.