Memory Leak in Linux Kernel's vfio_ap Device Driver
CVE-2023-53746
What is CVE-2023-53746?
A memory leak has been identified in the vfio_ap device driver of the Linux kernel, where the device release callback function fails to properly free memory associated with the vfio_matrix_dev object. The function dev_get_drvdata is expected to retrieve the object pointer for proper memory management, but it does not store this object correctly as drvdata. As a result, the kfree function may be called with a NULL pointer, preventing the deallocation of the vfio_matrix_dev object. This oversight can cause system resource exhaustion over time, as memory associated with matrix devices is not returned to the system, leading to potential performance degradation.
Affected Version(s)
Linux 1fde573413b549d52183382e639c1d6ce88f5959 < 5195de1d5f66b276683240a896783f7f43c4f664
Linux 1fde573413b549d52183382e639c1d6ce88f5959
Linux 1fde573413b549d52183382e639c1d6ce88f5959