Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's radio Keene driver. The issue arises in the 'usb_keene_probe' function, where the Video4Linux2 (v4l2) control handler is initialized and controls are added. If the subsequent calls to 'v4l2_device_register' or 'video_register_device' fail, the control handler is not freed, leading to a memory leak. This vulnerability affects the Linux kernel stable group.
Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.
The vulnerability can be reproduced by loading the Keene FM Transmitter driver in the Linux kernel. When the driver is loaded, the v4l2 control handler is initialized. If the driver registration process fails at a certain point, the control handler is not freed, causing a memory leak. This can be simulated by forcing a failure in the 'v4l2_device_register' or 'video_register_device' calls after the control handler has been initialized.
The vulnerability has been addressed in the Linux kernel by adding a call to 'v4l2_ctrl_handler_free' in the error handling path of the 'usb_keene_probe' function. Users should upgrade to the latest version of the Linux kernel where this fix has been applied.
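The error path described above can be modelled in userspace C. This is an added example, not the driver's or the kernel's code: every `mock_` and `model_` name, the `fail_at` injection enum and the `tracked` pointer are assumptions standing in for the v4l2 calls, so that the run without the free and the run with it can be compared.

```c
/* Userspace model, NOT kernel source; mock_ and model_ names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
enum fail_at { FAIL_NONE, FAIL_DEV_REG, FAIL_VID_REG };
struct mock_hdl { void *ctrls; };
static void *tracked;   /* handler storage still allocated, NULL if none */

static int mock_ctrl_handler_init(struct mock_hdl *h)
{
    tracked = h->ctrls = malloc(64);   /* stands in for control storage */
    return h->ctrls ? 0 : -1;
}

static void mock_ctrl_handler_free(struct mock_hdl *h)
{
    free(h->ctrls);
    h->ctrls = tracked = NULL;
}

/* fixed != 0 adds the handler free on the error path, as the fix does. */
static int model_probe(enum fail_at inject, int fixed)
{
    struct mock_hdl hdl = { 0 };
    if (mock_ctrl_handler_init(&hdl))
        return -1;
    /* models v4l2_device_register or video_register_device failing */
    if (inject == FAIL_DEV_REG || inject == FAIL_VID_REG)
        goto err;
    mock_ctrl_handler_free(&hdl);      /* success: model teardown at disconnect */
    return 0;
err:
    if (fixed)
        mock_ctrl_handler_free(&hdl);  /* the call the fix adds */
    return -1;
}

/* Returns 1 if a probe run left handler storage allocated, then reclaims it. */
static int leaked_after(enum fail_at inject, int fixed)
{
    model_probe(inject, fixed);
    int leaked = tracked != NULL;
    free(tracked);
    tracked = NULL;
    return leaked;
}

int main(void)
{
    printf("unfixed=%d fixed=%d\n", leaked_after(FAIL_VID_REG, 0), leaked_after(FAIL_VID_REG, 1));
}
```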