CVE-2023-54001

Vulnerability

Analysis

The vulnerability is a memory leak in the _r8712_init_xmit_priv() function of the staging r8712 Wi-Fi driver in the Linux kernel. When memory is allocated sequentially within this routine, and a later allocation fails after earlier ones have succeeded, the previously allocated memory is not freed, resulting in a leak. The issue was introduced by commit 2865d42c78a9 ("staging: r8712u: Add the new driver to the mainline kernel"). [1][2]

Exploitation

Exploitation requires the ability to trigger the initialization of the driver's transmit private data, which occurs during normal driver loading or device binding. An attacker with local access or the ability to cause the driver to load repeatedly (e.g., via USB device insertion) could exhaust kernel memory by causing multiple initialization failures. No special privileges beyond basic system access are needed to trigger the vulnerable code path.

Impact

Repeated triggering of the memory leak leads to gradual depletion of kernel memory, potentially causing system instability, denial of service, or out-of-memory conditions that kill processes. The leak is limited to the xmit resource structures, so the impact is primarily resource exhaustion rather than data corruption or privilege escalation.

Mitigation

The fix addresses both the primary leak in _r8712_init_xmit_priv() and a related leak in r8712_xmit_resource_alloc(). Patches have been applied to the Linux kernel stable branches. Users should update their kernel to version including commit 41e05572e871 or later. No workaround is available without patching, but the driver is in staging and may not be loaded by default on all systems. [1][2]