Linux Kernel StarFive Crypto Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's StarFive crypto implementation, specifically within the AES AEAD request handling function. The issue arises because the function allocates memory for the 'adata' context using a zero-initialized allocation, but fails to release this memory if certain operations encounter errors. This oversight leads to memory leaks, as the allocated data is not freed under these error conditions. Although the vulnerability was discovered through static analysis and code review, it has only been compile-tested.
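The leak pattern described above, as an added userspace example that is not the driver's code or the upstream fix: a zero-initialized 'adata' buffer is allocated, then either the copy step or the hardware-init step fails. All names (model_zalloc, do_one_req_leaky, do_one_req_fixed, the fail_at switch) are hypothetical, and freeing on the success path is an assumption of the model.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model only; every identifier here is hypothetical. */
static int live_allocs;                 /* outstanding adata buffers */
int outstanding(void) { return live_allocs; }

static void *model_zalloc(size_t n)     /* stands in for a zeroing allocator */
{
    void *p = calloc(1, n);
    if (p) live_allocs++;
    return p;
}
static void model_free(void *p) { if (p) { live_allocs--; free(p); } }

enum fail_at { FAIL_NONE, FAIL_COPY, FAIL_HW_INIT };

/* Stand-ins for the copy step and the hardware-init step. */
static int model_copy(void *dst, size_t len, enum fail_at f)
{
    if (f == FAIL_COPY) return -EINVAL;
    memset(dst, 0xA5, len);
    return 0;
}
static int model_hw_init(enum fail_at f) { return f == FAIL_HW_INIT ? -EIO : 0; }

/* Leaky shape: each early return abandons adata. */
int do_one_req_leaky(size_t assoclen, enum fail_at f)
{
    int ret;
    void *adata = model_zalloc(assoclen);
    if (!adata) return -ENOMEM;
    if ((ret = model_copy(adata, assoclen, f))) return ret;  /* adata leaked */
    if ((ret = model_hw_init(f))) return ret;                /* adata leaked */
    model_free(adata);
    return 0;
}

/* Hardened shape: a single exit label owns the free on every path. */
int do_one_req_fixed(size_t assoclen, enum fail_at f)
{
    int ret;
    void *adata = model_zalloc(assoclen);
    if (!adata) return -ENOMEM;
    if ((ret = model_copy(adata, assoclen, f))) goto out;
    ret = model_hw_init(f);
out:
    model_free(adata);
    return ret;
}
```

Each failed call to the leaky variant leaves one more buffer outstanding, which is the slow growth the Impact section describes; the counter stays flat for the hardened variant.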

Impact

Exploitation of this vulnerability leads to a memory leak, causing increased memory usage and potential degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by invoking the 'starfive_aes_aead_do_one_req' function with a request that triggers an error in either the 'sg_copy_to_buffer' function or the 'starfive_aes_hw_init' function. This can be done by creating a scenario where the associated length of the cryptographic operation is not properly handled, causing the function to allocate memory for the 'adata' but not free it when an error occurs.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that fixes this issue is available in the Linux kernel stable tree.

Added: May 28, 2026, 12:12 AM
Updated: May 28, 2026, 12:12 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 9.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.