Linux Kernel MCTP I2C Driver SKB Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's MCTP I2C binding driver. When the 'allow_rx' flag is false, newly allocated socket buffers (SKBs) are not consumed by the network stack, so the driver has to free them itself. The current implementation does not do this, and each such SKB is leaked.

Impact

The vulnerability causes a memory leak by failing to free allocated socket buffers, which can lead to increased memory usage and potential exhaustion of system resources.

Reproduction

The vulnerability can be reproduced by using the MCTP I2C binding driver in a scenario where the 'allow_rx' flag is set to false. In this case, the driver will allocate socket buffers for incoming data but will not pass them to the network stack for processing. As a result, the allocated buffers will not be freed, causing a memory leak.
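
The ownership bug described above, modeled in userspace C as an added example (not the kernel driver's code and not taken from the patch). A small fixed pool of 'struct buf' stands in for SKB allocation, and every name here, including rx, stack_rx and the fix_applied switch, is hypothetical.

```c
/* Userspace model of the receive-path leak; hypothetical names, not driver code. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define POOL_SLOTS 8 /* tiny fixed pool so exhaustion shows up quickly */
static struct buf { bool in_use; unsigned char data[64]; } pool[POOL_SLOTS]; /* buf ~ SKB */
static void buf_free(struct buf *b) { b->in_use = false; }
static void stack_rx(struct buf *b) { buf_free(b); } /* consumer owns and frees */

static struct buf *buf_alloc(const unsigned char *src, size_t len)
{
    size_t i = 0;
    while (i < POOL_SLOTS && pool[i].in_use)
        i++;
    if (i == POOL_SLOTS || len > sizeof(pool[i].data))
        return NULL; /* pool exhausted, or packet too large */
    pool[i].in_use = true;
    memcpy(pool[i].data, src, len);
    return &pool[i];
}

/* fix_applied == false reproduces the leak: with allow_rx false nobody frees b. */
static int rx(bool allow_rx, bool fix_applied, const unsigned char *pkt, size_t len)
{
    struct buf *b = buf_alloc(pkt, len);
    if (!b)
        return -1;
    if (allow_rx)
        stack_rx(b);
    else if (fix_applied)
        buf_free(b); /* no consumer, so the receive path frees it itself */
    return 0;
}

/* Reset the pool, feed n packets, and return how many allocations failed. */
static int alloc_failures(bool allow_rx, bool fix_applied, int n)
{
    static const unsigned char pkt[] = { 0x01, 0x02, 0x03 }; /* constructed sample */
    int failures = 0;
    memset(pool, 0, sizeof(pool));
    for (int i = 0; i < n; i++)
        failures += rx(allow_rx, fix_applied, pkt, sizeof(pkt)) < 0;
    return failures;
}

int main(void)
{
    printf("leaky: %d, fixed: %d\n", alloc_failures(false, false, 100), alloc_failures(false, true, 100));
    return 0;
}
```

With the fix disabled and 'allow_rx' false, the 8-slot pool is used up after 8 packets and the remaining 92 allocations fail; with the fix enabled, or with 'allow_rx' true, none fail.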

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel Git repository.

Added: May 8, 2026, 7:29 PM
Updated: May 8, 2026, 7:29 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 7.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.