Can you explain this vulnerability to me?

This vulnerability is a memory leak in the Linux kernel's airoha network driver, specifically in the function airoha_qdma_rx_process().

When an error occurs on the subsequent buffers of the non-linear part of the socket buffer (skb), such as due to an incorrect payload length reported by the network interface card (NIC) or if all available fragments for the skb are consumed, a page_pool fragment is not linked back to the skb.

Because of this, the page_pool fragment is not returned to the pool during the error handling path, causing a memory leak.

The fix involves partially reverting a previous commit and ensuring that the page_pool_put_full_page routine is always run in the error path of airoha_qdma_rx_process(), preventing the memory leak.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can lead to a memory leak in the Linux kernel when using the airoha network driver.

Over time, this memory leak could cause increased memory consumption, potentially degrading system performance or leading to system instability or crashes if memory resources are exhausted.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

The vulnerability in the Linux kernel related to the airoha driver involves a memory leak in the airoha_qdma_rx_process() function. To mitigate this vulnerability, you should update your Linux kernel to a version where this issue has been fixed.

The fix involves ensuring that the page_pool_put_full_page routine is always run in the error path of airoha_qdma_rx_process(), preventing memory leaks. Applying the patch or upgrading to a kernel version that includes this fix is the immediate recommended step.

Useful 0 Not Useful 0