Linux Kernel USB Driver Resource Management Vulnerability in rt2x00usb

Vulnerability

A vulnerability has been identified in the Linux kernel's handling of USB driver resource lifetimes, specifically within the rt2x00usb wireless driver. It can leak memory when a driver is unbound without its device being physically disconnected, such as during probe deferrals or configuration changes. The cause is that the lifetime of device-managed resources is tied to the parent USB device instead of the USB interface, so unbinding the driver from the interface does not release them. The fix ties these resources to the USB interface, ensuring that they are released when the driver is unbound.

Impact

The vulnerability can cause memory leaks in the system, as unbound drivers may not release resources properly, leading to increased memory usage over time.

Reproduction

The vulnerability can be reproduced with a USB device whose driver defers probing or undergoes configuration changes, either of which unbinds the driver without physically disconnecting the device. The driver is then unbound while its resources remain allocated, which triggers the memory leak.
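
The lifetime mismatch described above, as an added example that is not kernel or rt2x00usb code: a user-space C model in which driver unbind releases only the resources owned by the interface, so allocations owned by the parent device accumulate across rebinds. The names `model_devm_alloc`, `model_devres` and `leaked_after_rebinds` are hypothetical, and the 64-byte allocation size is arbitrary.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model of device-managed (devres-style) memory; not kernel code. */
struct res { struct res *next; void *mem; };
struct device { struct res *devres; };

/* Modelled on devm_kmalloc(): memory is owned by dev until dev releases it. */
static void *model_devm_alloc(struct device *dev, size_t n)
{
    struct res *r = malloc(sizeof(*r));
    if (!r) return NULL;
    r->mem = malloc(n);
    if (!r->mem) { free(r); return NULL; }
    r->next = dev->devres;
    dev->devres = r;
    return r->mem;
}

/* Count the resources dev owns; with do_free set, also release them all. */
static int model_devres(struct device *dev, int do_free)
{
    int n = 0;
    for (struct res *r = dev->devres, *next; r; r = next, n++) {
        next = r->next;
        if (do_free) { free(r->mem); free(r); }
    }
    if (do_free) dev->devres = NULL;
    return n;
}

/* Rebind the driver `cycles` times while the device stays plugged in.
 * Returns how many allocations are still held after the last unbind. */
static int leaked_after_rebinds(int cycles, int owner_is_interface)
{
    struct device usb_dev = { NULL }, intf = { NULL };
    for (int i = 0; i < cycles; i++) {
        model_devm_alloc(owner_is_interface ? &intf : &usb_dev, 64); /* probe */
        model_devres(&intf, 1);   /* unbind releases interface devres only */
    }
    int left = model_devres(&usb_dev, 0) + model_devres(&intf, 0);
    model_devres(&usb_dev, 1);    /* physical disconnect frees the rest */
    return left;
}

int main(void)
{
    printf("parent-owned: %d leaked, interface-owned: %d leaked\n",
           leaked_after_rebinds(5, 0), leaked_after_rebinds(5, 1));
    return 0;
}
```

With the parent device as owner, every bind/unbind cycle leaves one more allocation outstanding until the device is physically removed; with the interface as owner, nothing survives an unbind.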

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel's official website.

Added: Apr 24, 2026, 3:25 PM
Updated: Apr 24, 2026, 3:25 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 6.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.