Linux Kernel LiquidIO Off-By-One Error Vulnerability in VF NIC Device Setup

An off-by-one error has been identified in the LiquidIO network driver of the Linux kernel, specifically within the virtual function (VF) NIC device setup process. The issue arises in the 'setup_nic_devices()' function, where the cleanup loop improperly skips the failing index, leading to a memory leak. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability causes a memory leak by failing to properly clean up after a failed initialization in the NIC device setup process.

Reproduction

The vulnerability can be reproduced by initializing NIC devices using the LiquidIO driver in a Linux kernel environment. During the setup process, the initialization loop will skip the index of any failed setup, creating a memory leak. This issue can be observed by monitoring memory usage during the NIC setup process.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.