Linux Kernel mac80211 Wi-Fi Stack skb Memory Management Vulnerability

A vulnerability in the Linux kernel's mac80211 Wi-Fi stack has been addressed, ensuring consistent memory management for socket buffers (skbs) during transmission preparation. The issue arose because the function ieee80211_tx_prepare_skb() had three error paths, but only two properly freed the skb. The first error path, which involved dropping the transmission, failed to release the skb, while the other two error scenarios did. This inconsistency could lead to memory leaks or undefined behavior. The vulnerability has been fixed by adding a skb free operation to the first error path, ensuring all error scenarios are handled uniformly. Additionally, the redundant skb free operations in the calling functions (ath9k, mt76, and mac80211_hwsim) were removed to prevent double-free errors. The fix also includes documentation clarifying the ownership and management of skbs in the function's Kdoc.

Impact

The vulnerability could cause memory management issues, leading to potential memory leaks or double-free errors, which can be exploited to cause undefined behavior in the kernel.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit containing the fix can be downloaded as a tarball.