Linux Kernel Open vSwitch Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Open vSwitch (OVS) module of the Linux kernel. While parsing user-defined actions, the module may dynamically allocate memory that is never properly freed. Currently the 'ct()' and 'set()' actions can cause memory to be retained: 'ct()' leaks memory allocated for connection tracking under certain flow conditions, and 'set()' can leak tunnel information, including device references. High flow rotation rates make the problem worse and can lead to significant memory consumption, estimated at 2MB per second in one reported case.

Impact

Exploitation of this vulnerability can cause a substantial memory leak, with reported rates of up to 2MB per second.
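
To check whether a host shows the kind of growth described above, the following added example (not part of the advisory or of the kernel project) computes the growth rate of unreclaimable kernel slab memory from successive /proc/meminfo snapshots. It assumes the leaked objects are accounted under the SUnreclaim field; the sample snapshots, the 1 MB/s threshold and the function names are constructed for illustration.

```python
import re

# Constructed sample: (seconds since start, /proc/meminfo excerpt).
# Not real host data; SUnreclaim grows by 20480 kB every 10 s (2 MB/s).
SAMPLES = [
    (0,  "MemTotal: 16384000 kB\nSReclaimable: 200000 kB\nSUnreclaim: 210000 kB\n"),
    (10, "MemTotal: 16384000 kB\nSReclaimable: 200100 kB\nSUnreclaim: 230480 kB\n"),
    (20, "MemTotal: 16384000 kB\nSReclaimable: 199900 kB\nSUnreclaim: 250960 kB\n"),
    (30, "MemTotal: 16384000 kB\nSReclaimable: 200050 kB\nSUnreclaim: 271440 kB\n"),
    (40, "MemTotal: 16384000 kB\nSReclaimable: 200000 kB\nSUnreclaim: 291920 kB\n"),
]

def parse_meminfo(text):
    """Return {field: value} for each 'Name:   123 kB' line of /proc/meminfo."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+(?:\(\w+\))?):\s+(\d+)(?:\s+kB)?\s*$", line)
        if m:
            fields[m.group(1)] = int(m.group(2))
    return fields

def growth_rates(samples, field="SUnreclaim"):
    """Growth of `field` in MB/s between each pair of consecutive snapshots."""
    rates = []
    for (t0, before), (t1, after) in zip(samples, samples[1:]):
        if t1 <= t0:
            raise ValueError("snapshots must be in increasing time order")
        delta_kb = parse_meminfo(after)[field] - parse_meminfo(before)[field]
        rates.append(delta_kb / 1024 / (t1 - t0))
    return rates

def sustained_leak(rates, threshold_mb_s=1.0, min_intervals=3):
    """True if growth stays at or above the threshold for min_intervals in a row.

    Requiring a run of intervals filters out short bursts of legitimate
    allocation that are later freed.
    """
    run = 0
    for rate in rates:
        run = run + 1 if rate >= threshold_mb_s else 0
        if run >= min_intervals:
            return True
    return False

if __name__ == "__main__":
    rates = growth_rates(SAMPLES)
    print("MB/s per interval:", rates)
    print("sustained kernel memory growth:", sustained_leak(rates))
```

On a live system, replace SAMPLES with timestamped reads of /proc/meminfo taken while flows are being rotated, and compare the result before and after the kernel upgrade.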

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.