Linux Kernel SmartPQI SCSI Driver Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's SmartPQI SCSI driver. The issue arises in the 'pqi_report_phys_luns' function, which fails to properly release the 'rpl_list' buffer when it encounters an unsupported data format or when the allocation for the 'rpl_16byte_wwid_list' fails. These premature returns skip the necessary cleanup, resulting in memory leaks. The vulnerability affects several versions of the Linux kernel.
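The leak pattern described above, shown as an added userspace model beside a hardened form with a single cleanup label. This is not the driver's code or the upstream patch: only the names rpl_list and rpl_16byte_wwid_list come from the advisory, and the allocator, error codes, buffer sizes and function names are hypothetical.

```c
#include <stdlib.h>
/* Userspace model (constructed). Names other than rpl_list and rpl_16byte_wwid_list are hypothetical. */
enum { ERR_FORMAT = -1, ERR_NOMEM = -2 };
static int live, nalloc, fail_at;   /* live buffers, alloc counter, injected failure */

static void *m_alloc(size_t n)
{
    void *p = (++nalloc == fail_at) ? NULL : malloc(n);
    if (p) live++;
    return p;
}
static void m_free(void *p) { if (p) { live--; free(p); } }

/* Leaky shape: both early returns skip freeing rpl_list. */
static int report_leaky(int fmt_ok, void **out)
{
    void *rpl_list = m_alloc(64), *rpl_16byte_wwid_list;
    if (!rpl_list) return ERR_NOMEM;
    if (!fmt_ok) return ERR_FORMAT;                 /* rpl_list leaked */
    rpl_16byte_wwid_list = m_alloc(128);
    if (!rpl_16byte_wwid_list) return ERR_NOMEM;    /* rpl_list leaked */
    m_free(rpl_list);
    *out = rpl_16byte_wwid_list;
    return 0;
}

/* Hardened shape: every exit after the first allocation passes one cleanup label. */
static int report_fixed(int fmt_ok, void **out)
{
    int rc = 0;
    void *rpl_list = m_alloc(64), *rpl_16byte_wwid_list;
    if (!rpl_list) return ERR_NOMEM;
    if (!fmt_ok) { rc = ERR_FORMAT; goto out_free; }
    rpl_16byte_wwid_list = m_alloc(128);
    if (!rpl_16byte_wwid_list) { rc = ERR_NOMEM; goto out_free; }
    *out = rpl_16byte_wwid_list;
out_free:
    m_free(rpl_list);
    return rc;
}

/* Run one scenario; return the number of buffers still allocated afterwards. */
static int leaked_after(int (*fn)(int, void **), int fmt_ok, int fail_nth)
{
    void *out = NULL;
    live = nalloc = 0; fail_at = fail_nth;
    if (fn(fmt_ok, &out) == 0) m_free(out);
    return live;
}
```

Calling leaked_after with fmt_ok set to 0, or with fail_nth set to 2 so the second allocation fails, exercises the two error paths the advisory names.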

Impact

Exploitation of this vulnerability leads to memory leaks, which can cause increased memory usage and potentially degrade system performance over time.

Reproduction

The vulnerability can be reproduced by invoking the 'pqi_report_phys_luns' function in the SmartPQI SCSI driver with a data format that is unsupported or in a scenario where the 'rpl_16byte_wwid_list' allocation fails. This will trigger the function to return early without freeing the allocated 'rpl_list' buffer, causing a memory leak.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is '41b37312bd9722af77ec7817ccf22d7a4880c289', which is included in the official Linux kernel repository.

Added: May 28, 2026, 2:07 AM
Updated: May 28, 2026, 2:07 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 9.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.