Linux Kernel Airoha Network Driver Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's Airoha network driver. This issue arises in the 'airoha_qdma_rx_process()' function when an error occurs with the non-linear part of the socket buffer (skb). Such errors can be triggered by incorrect payload length reports from the network interface card (NIC) or by exhausting all available fragments for the skb. In these scenarios, the page_pool fragment fails to link back to the skb, preventing it from returning to the pool during the error handling process. The vulnerability has been addressed by partially reverting a previous commit and ensuring that the 'page_pool_put_full_page' routine is always executed in the error path of 'airoha_qdma_rx_process()'.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by causing an error in the payload length reported by the NIC while processing non-linear skb buffers in the Airoha network driver. This can be done by manipulating network traffic or using a custom network interface that introduces incorrect payload length data. Once the error occurs, the 'airoha_qdma_rx_process()' function will fail to link the page_pool fragment to the skb, resulting in a memory leak as the fragment does not return to the pool.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.