Linux Kernel Memory Policy Management Vulnerability Leading to Memory Leak

Vulnerability

A vulnerability in the Linux kernel's memory policy management ('mm/mempolicy') can cause a memory leak. When a memory policy is replaced on a shared 'shmem' file, the code drops the associated lock to allocate a spare policy object ('mpol_new') and then restarts its scan. If that allocation is not used in the restart loop, it is released before the function returns, but at that point its reference count has not yet been initialized, so the release does not actually free the object and the unused 'mpol_new' allocation leaks.
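The mechanism described above, as an added user-space model that is not part of this advisory or of the kernel source: a spare policy object is allocated while the lock is dropped, the scan restarts, and if the spare is not consumed it is released through a refcount-based put. The struct, the function names and the stale-zero refcount after allocation are simplifications assumed for the model; initializing the refcount immediately after allocation is the assumed fix, consistent with the description that the count was not initialized when the object was released.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>

/* Minimal stand-in for struct mempolicy: only the refcount matters here. */
struct mempolicy {
    int refcnt;
};

/* Policy objects allocated but not yet freed; a leak leaves this above zero. */
static int live_policies = 0;

/* Stand-in for the kernel slab allocation: the object is not zeroed, so the
 * refcount holds whatever was there before.  A stale zero is assumed here. */
static struct mempolicy *policy_alloc(void)
{
    struct mempolicy *p = malloc(sizeof *p);
    if (!p)
        abort();
    p->refcnt = 0;
    live_policies++;
    return p;
}

/* Mirrors the put operation: drop one reference, free only when it reaches zero.
 * With an uninitialized (stale) count the decrement never hits zero and the
 * object is silently leaked. */
static void mpol_put(struct mempolicy *p)
{
    if (--p->refcnt != 0)
        return;
    free(p);
    live_policies--;
}

/* Model of the replace path (assumed structure, not kernel code).
 * need_split:             the scan under the lock finds a range that must be
 *                         split, which needs a spare policy object.
 * range_gone:             while the lock was dropped for the allocation, the
 *                         range was replaced by another task, so the spare
 *                         ends up unused in the restarted scan.
 * init_refcnt_at_alloc:   true selects the fixed behaviour.
 * Returns how many policy objects this call leaked (0 means none). */
int shared_policy_replace_model(bool need_split, bool range_gone,
                                bool init_refcnt_at_alloc)
{
    struct mempolicy *mpol_new = NULL;
    struct mempolicy *in_tree = NULL;
    int live_before = live_policies;

restart:
    if (need_split && !mpol_new) {
        /* Drop the lock, allocate the spare, retake the lock, restart the scan. */
        mpol_new = policy_alloc();
        if (init_refcnt_at_alloc)
            mpol_new->refcnt = 1;   /* fixed variant: count is valid from the start */
        if (range_gone)
            need_split = false;     /* tree changed meanwhile; spare stays unused */
        goto restart;
    }
    if (need_split) {
        /* Spare is consumed; the unfixed variant only sets the count here. */
        mpol_new->refcnt = 1;
        in_tree = mpol_new;
        mpol_new = NULL;            /* ownership moved into the policy tree */
    }

    /* Common exit: release the spare if the restarted scan did not use it. */
    if (mpol_new)
        mpol_put(mpol_new);

    /* The tree eventually drops its own reference; only true leaks remain. */
    if (in_tree)
        mpol_put(in_tree);

    return live_policies - live_before;
}

int main(void)
{
    printf("unfixed, spare unused: %d leaked\n",
           shared_policy_replace_model(true, true, false));
    printf("fixed,   spare unused: %d leaked\n",
           shared_policy_replace_model(true, true, true));
    printf("unfixed, spare used:   %d leaked\n",
           shared_policy_replace_model(true, false, false));
    return 0;
}
```

Only the combination "spare allocated but not used, refcount set late" leaks; when the spare is consumed, the late initialization happens to run before the object is ever released, which is why the defect stays hidden on the common path.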

Impact

The vulnerability can be triggered to leak kernel memory; repeated triggering increases memory usage over time and degrades system performance.

Reproduction

The vulnerability can be reproduced by simultaneously running multiple processes that allocate shared memory and repeatedly bind memory policies to that shared memory. This can be done using the 'shmget' and 'shmat' system calls to create and attach shared memory segments, followed by the 'mbind' system call to apply different memory policies. The issue occurs when 'mpol_new' is allocated but not used before the memory policy is updated, causing the reference count to be improperly managed and leading to a memory leak.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.