Linux Kernel LiquidIO Netdev Pointer Initialization Vulnerability in NIC Setup

A memory leak vulnerability has been identified in the Linux kernel's handling of network devices for LiquidIO NICs. During the initialization process, the network device (netdev) is allocated but the pointer to this allocation is not set until after certain queue configuration functions are called. If these functions fail, the setup process returns an error without freeing the allocated netdev, leaving the pointer null. Consequently, the cleanup function fails to locate and free the netdev, causing a memory leak. This issue affects the LiquidIO network driver in the Linux kernel.

Impact

The vulnerability leads to a memory leak, where allocated resources are not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by setting up a NIC device using the LiquidIO driver in the Linux kernel. During the setup process, the netdev is allocated but the pointer is not initialized before configuring the network queues. If the queue setup functions encounter an error, the allocated netdev is not freed, resulting in a memory leak.

Remediation

The vulnerability has been addressed by modifying the NIC setup process to initialize the netdev pointer before configuring the network queues. This change ensures that the netdev can be properly cleaned up in case of an error, preventing the memory leak.