Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's Nouveau graphics driver. This issue arises when the function 'aperture_remove_conflicting_pci_devices()' fails during the probing of PCI devices. The failure causes the function to return immediately without properly releasing a newly allocated 'nvkm_device' object, which leads to a leak of the device wrapper and a reference to the PCI device that was enabled. The vulnerability was introduced by changing the order of operations during PCI device handling, and it can be exploited by causing a probe failure that interrupts the normal device initialization process.
The vulnerability causes a memory leak by failing to release allocated device resources, which can lead to increased memory usage and potential degradation of system performance over time.
To reproduce this vulnerability, load the Nouveau driver and simulate a failure in the 'aperture_remove_conflicting_pci_devices()' function during the PCI device probing process. This can be done by introducing a condition that causes the function to fail, such as removing a conflicting framebuffer driver that the Nouveau driver depends on. When the function fails, it will return immediately without unwinding the 'nvkm_device' allocation, leading to a memory leak.
The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version of the stable Linux kernel where this issue has been addressed.
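The leak pattern described above, reduced to a user-space C model as an added example (not the Nouveau driver's code or the upstream patch): `probe_leaky` returns as soon as the aperture step fails, while `probe_fixed` releases the wrapper and its PCI reference first. All `model_*` and `probe_*` names and the `refs` and `drvdata` fields are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed user-space model of the pattern; every name is hypothetical. */
struct model_pci_dev { int refs; void *drvdata; };  /* refs = references held */
struct model_device  { struct model_pci_dev *pdev; };

static struct model_device *model_device_new(struct model_pci_dev *pdev)
{
    struct model_device *d = calloc(1, sizeof(*d));
    if (d) {
        d->pdev = pdev;
        pdev->refs++;               /* wrapper pins the PCI device */
    }
    return d;
}

static void model_device_del(struct model_device *d)
{
    if (d)
        d->pdev->refs--;            /* drop the PCI reference */
    free(d);                        /* free(NULL) is a no-op */
}

/* Stand-in for the aperture step: 0 on success, negative errno on failure. */
static int model_aperture_remove(int fail) { return fail ? -ENODEV : 0; }

/* Leaky form: allocate, then return immediately when the step fails. */
int probe_leaky(struct model_pci_dev *pdev, int fail)
{
    struct model_device *d = model_device_new(pdev);
    int ret = d ? model_aperture_remove(fail) : -ENOMEM;
    if (ret)
        return ret;                 /* d and its PCI reference are lost */
    pdev->drvdata = d;              /* success: device stays bound */
    return 0;
}

/* Hardened form: a failure after allocation unwinds before returning. */
int probe_fixed(struct model_pci_dev *pdev, int fail)
{
    struct model_device *d = model_device_new(pdev);
    int ret = d ? model_aperture_remove(fail) : -ENOMEM;
    if (ret)
        model_device_del(d);        /* NULL-safe: frees wrapper, drops reference */
    else
        pdev->drvdata = d;
    return ret;
}
```

In this model, each failed call to `probe_leaky` leaves `refs` one higher on the device it was given, while `probe_fixed` leaves it at zero however many times the probe fails.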