Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability has been identified in the Linux kernel usblp driver, specifically related to the LPGETSTATUS ioctl. This issue arises because the driver does not properly initialize a memory buffer allocated to store printer status. When the LPGETSTATUS ioctl is called, the buffer may contain one byte of uninitialized data from the heap, which can be inadvertently sent to the user. This flaw could be exploited if a printer responds with zero bytes, leaving stale data in the buffer that the driver then exposes through the ioctl interface.
Exploitation of this vulnerability could lead to a kernel heap information leak: uninitialized data from the kernel heap is exposed to user space, which is an information disclosure in itself and could potentially assist further exploitation.
The vulnerability can be reproduced by loading the usblp driver and then issuing an LPGETSTATUS ioctl command before the status buffer has been properly initialized. If a connected printer responds with zero bytes, the buffer will contain leftover data from the heap, which will be sent back to the user, demonstrating the uninitialized heap leak.
The vulnerability has been addressed by modifying the driver to clear the status buffer immediately after allocation, ensuring that no stale data can be leaked. Users should update to the latest version of the Linux kernel where this fix has been applied.
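The pattern described above, as an added user-space C model (not the kernel's usblp code): a status buffer is returned to the caller even when the device wrote nothing into it, and clearing the buffer at allocation closes the leak. The helper names, the 0xA5 stale byte, the buffer size and the sample status byte are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define STATUS_SIZE 8   /* assumed size; the page does not state it */

/* Constructed stand-in for a heap slot that a previous user left dirty. */
static unsigned char heap_slot[STATUS_SIZE];
static const unsigned char SAMPLE_REPLY[1] = { 0x18 }; /* constructed status byte */

/* Hypothetical allocator: zeroed=0 models an uninitialized allocation,
 * zeroed=1 models clearing the buffer immediately after allocation. */
static unsigned char *alloc_status(int zeroed)
{
    memset(heap_slot, 0xA5, sizeof heap_slot);  /* stale data from earlier use */
    if (zeroed)
        memset(heap_slot, 0, sizeof heap_slot);
    return heap_slot;
}

/* Hypothetical device read: the printer sends `len` bytes (0 or 1 here).
 * A zero-length reply is a successful transfer that writes nothing. */
static int read_status(unsigned char *buf, const unsigned char *reply, size_t len)
{
    if (len > 1)
        len = 1;
    memcpy(buf, reply, len);
    return (int)len;
}

/* Model of the ioctl path: returns the byte handed back to the caller. */
int lpgetstatus(int zeroed, const unsigned char *reply, size_t len)
{
    unsigned char *statusbuf = alloc_status(zeroed);

    if (read_status(statusbuf, reply, len) < 0)
        return -1;
    return statusbuf[0];    /* returned even when nothing was received */
}

int main(void)
{
    printf("uninitialized, empty reply:  0x%02x\n", lpgetstatus(0, SAMPLE_REPLY, 0));
    printf("cleared,       empty reply:  0x%02x\n", lpgetstatus(1, SAMPLE_REPLY, 0));
    printf("cleared,       1-byte reply: 0x%02x\n", lpgetstatus(1, SAMPLE_REPLY, 1));
    return 0;
}
```

With the uninitialized allocation, an empty reply hands the stale byte back to the caller; with the cleared allocation the caller sees zero, and a normal one-byte reply is unaffected in both cases.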