Linux Kernel USB XHCI Memory Leak Vulnerability in Slot Management

A memory leak vulnerability has been identified in the Linux kernel's USB XHCI (eXtensible Host Controller Interface) driver. The issue arises in the 'xhci_disable_slot()' function, which is responsible for managing USB slots. When a slot is disabled, the function frees the command structure using 'kfree()', but fails to properly release the associated completion structure, leading to a memory leak. This vulnerability affects several versions of the Linux kernel, including v6.13-rc1 and the latest mainline release. The bug was discovered using a static analysis tool developed by the author, designed to detect memory management issues. The vulnerability persists in the current stable branch of the Linux kernel.

Impact

The vulnerability causes a memory leak in the XHCI driver, which can lead to increased memory usage and potential exhaustion of system resources over time.

Reproduction

The vulnerability can be reproduced by disabling a USB slot in the XHCI driver, which triggers the error handling path in the 'xhci_disable_slot()' function. This can be done by simulating specific hardware conditions or abnormal states that cause the function to execute the error handling logic. However, a reliable test case for this reproduction has not been constructed.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.