Linux Kernel Altera TSE Driver SKB Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's Altera TSE Ethernet driver. This issue arises in the 'tse_start_xmit()' function when 'dma_map_single()' fails. The function returns 'NETDEV_TX_OK', indicating that the packet was successfully processed, but fails to free the associated socket buffer (SKB). As a result, the SKB is never released, causing a memory leak with each DMA mapping failure. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability leads to a memory leak, where the socket buffer is not freed after a DMA mapping error, causing increased memory usage over time.

Reproduction

The vulnerability can be reproduced by triggering a DMA mapping error in the 'tse_start_xmit()' function of the Altera TSE Ethernet driver. This can be done by simulating a failure in the 'dma_map_single()' function, which will cause the 'tse_start_xmit()' function to return 'NETDEV_TX_OK' without freeing the SKB, thus creating a memory leak.

Remediation

The vulnerability has been addressed by modifying the 'tse_start_xmit()' function to include a call to 'dev_kfree_skb_any()' before returning. This change ensures that the SKB is properly freed in the event of a DMA mapping error.