A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures.
This was fixed for Fedora with the 5.3.5 stable kernel updates.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1826573]
In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module qla3xxx. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278
This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (DMA mapping error).
(In reply to Dhananjay Arunesh from comment #0)
> A memory leak in the ql_alloc_large_buffers() function in
> drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel allows local users
> to cause a denial of service (memory consumption) by triggering
> pci_dma_mapping_error() failures.
ql_alloc_large_buffers() is buggy, but that supposed fix is wrong. It adds a double-free.
See upstream commit cad46039e4c99812db067c8ac22a864960e7acc4
net: qlogic: Fix error paths in ql_alloc_large_buffers()
The CVE describes a memory leak in an error path during device initialization. I would just WONTFIX that, but...
The original fix introduced a more serious problem (double free).
The subsequent proper fix (commit cad46039e4c99) corrected not only the double-free, but also two other errors:
- calling dev_kfree_skb() with uninitialized pointers.
- DMA unmapping of memory that wasn't mapped.
These are surely more serious than a memory leak and AFAIK, no CVE has been filed for them.
Can the CVE be updated? Should a new CVE be created?
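Added example, not code from the driver or from the upstream commit: a userspace C model of the error-path rules discussed in this thread (free the buffer whose mapping failed exactly once, never free uninitialized pointers, never unmap what was not mapped). The names `slot`, `ring`, `alloc_all`, `free_all` and the counters are hypothetical; `malloc` stands in for skb allocation and `map_buf` for the DMA mapping step.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

#define NBUF 8
struct slot { void *buf; bool mapped; };   /* hypothetical stand-in for a ring entry */
static struct slot ring[NBUF];
static int live_bufs, live_maps;           /* demo bookkeeping: outstanding resources */
static int fail_at = -1;                   /* slot whose mapping fails, -1 = none */
static void *buf_alloc(void) { void *p = malloc(64); if (p) live_bufs++; return p; }
static void buf_free(void *p) { live_bufs--; free(p); }
static bool map_buf(int i) { if (i == fail_at) return false; live_maps++; return true; }
static void unmap_buf(void) { live_maps--; }

/* Release only what a slot really owns; safe on a zeroed or partly filled ring. */
static void free_all(struct slot *s)
{
    for (int i = 0; i < NBUF; i++) {
        if (s[i].mapped) unmap_buf();      /* never unmap what was not mapped */
        if (s[i].buf) buf_free(s[i].buf);
        memset(&s[i], 0, sizeof(s[i]));    /* a second free_all() is then a no-op */
    }
}

/* leaky != 0 reproduces the leak class: the buffer whose mapping failed is dropped. */
static int alloc_all(struct slot *s, int leaky)
{
    memset(s, 0, NBUF * sizeof(*s));       /* no uninitialized pointer reaches free_all */
    for (int i = 0; i < NBUF; i++) {
        void *p = buf_alloc();
        if (!p) goto fail;
        if (!map_buf(i)) {
            if (!leaky) buf_free(p);       /* slot does not own p yet: free exactly once */
            goto fail;
        }
        s[i].buf = p;                      /* publish ownership only after mapping worked */
        s[i].mapped = true;
    }
    return 0;
fail:
    free_all(s);                           /* unwinds earlier slots, not the current buffer */
    return -1;
}

int main(void)
{
    fail_at = 3;
    return alloc_all(ring, 0) == -1 && live_bufs == 0 && live_maps == 0 ? 0 : 1;
}
```

Because ownership is recorded in the slot only after mapping succeeds, the failing buffer has a single owner at every point, which is what rules out both the leak and the double free in this model.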