In the Linux kernel, the following vulnerability has been resolved:
comedi: Fix memory leak in compat_insnlist()
compat_insnlist()
handles the 32-bit version of the COMEDI_INSNLIST
ioctl (whenwhen CONFIG_COMPAT
is enabled). It allocates memory to
temporarily hold an array of struct comedi_insn
converted from the
32-bit version in user space. This memory is only being freed if there
is a fault while filling the array, otherwise it is leaked.
Add a call to kfree()
to fix the leak.