Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's USB driver handling for UCAN devices can lead to memory leaks. The issue arises because the lifetime of resources managed by the driver is tied to the parent USB device instead of the USB interface the driver binds to. As a result, when the driver is unbound without the device being physically disconnected, the memory is not released and accumulates. The vulnerability has been addressed by changing the lifetime management of the control message buffer so that it is released when the driver is unbound.
The vulnerability could lead to memory leaks in the system, because unbound drivers may not release their resources properly, causing unreleased memory to accumulate.
The vulnerability can be reproduced by using a USB driver that binds to a USB interface while managing resources through the parent USB device. When the driver is unbound without physically disconnecting the device, such as during probe deferral or configuration changes, the issue manifests as a memory leak.
Users can upgrade to the patched version of the Linux kernel available in the Linux kernel stable tree.
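The lifetime mismatch described above, as an added example that is not the kernel's or the driver's own code: a user-space C model in which `managed_alloc`, `release_all` and `held_after_rebinds` are hypothetical stand-ins for a device-managed allocation, the release of resources on unbind, and repeated bind/unbind cycles. The 64-byte buffer size is a constructed value.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model of device-managed allocations.
 * All names are hypothetical stand-ins, not kernel APIs. */
struct res { struct res *next; void *buf; };
struct dev { struct res *managed; int count; };

/* Allocate a buffer whose lifetime is tied to 'owner'. */
static void *managed_alloc(struct dev *owner, size_t n)
{
    struct res *r = malloc(sizeof(*r));
    if (!r || !(r->buf = calloc(1, n))) { free(r); return NULL; }
    r->next = owner->managed;
    owner->managed = r;
    owner->count++;
    return r->buf;
}

/* Free everything owned by 'd' (what happens when 'd' is released). */
static void release_all(struct dev *d)
{
    while (d->managed) {
        struct res *r = d->managed;
        d->managed = r->next;
        free(r->buf);
        free(r);
        d->count--;
    }
}

/* Bind and unbind the driver 'cycles' times with the device still plugged in.
 * Returns how many buffers are still held after the last unbind. */
int held_after_rebinds(int cycles, int tie_to_interface)
{
    struct dev usb_device = {0}, usb_interface = {0};
    for (int i = 0; i < cycles; i++) {
        /* probe: allocate the control message buffer (constructed size) */
        if (!managed_alloc(tie_to_interface ? &usb_interface : &usb_device, 64))
            break;
        release_all(&usb_interface); /* unbind frees interface-owned resources only */
    }
    int held = usb_device.count + usb_interface.count;
    release_all(&usb_device);        /* physical disconnect frees the rest */
    return held;
}

int main(void)
{
    printf("parent-tied: %d held\n", held_after_rebinds(5, 0));
    printf("interface-tied: %d held\n", held_after_rebinds(5, 1));
    return 0;
}
```

With the buffer tied to the parent device, each rebind leaves one more buffer held until the device is physically disconnected; tied to the interface, nothing is held after unbind.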