Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's block layer, in the block multi-queue (blk-mq) subsystem. It appears when the 'null_blk' module is loaded and shows up as a leak of unreferenced objects. The queue's management operations are set to NULL before the queue is properly released, so the hardware contexts already allocated for it are leaked. The problem has been traced back to the 'blk_mq_init_allocated_queue' function, where improper handling of queue state leaves memory allocated without ever being freed.
Exploitation of this vulnerability leads to a memory leak, where allocated resources are not properly released, potentially causing increased memory usage and degradation of system performance over time.
The vulnerability can be reproduced by loading the 'null_blk' module using 'modprobe'. This action triggers the memory leak as the block multi-queue initialization process allocates resources that are not properly cleaned up due to a flaw in the queue management logic.
The vulnerability has been addressed in the official Linux kernel repository. Users should upgrade to the latest version where this issue has been fixed.
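One way to check whether a host shows this leak, before and after upgrading, is to look in kmemleak output for allocations whose backtrace passes through `blk_mq_init_allocated_queue`. The Python below is an added example, not code from this advisory or the kernel project; it assumes the leak is observed through kmemleak (which the page does not name), and the report in `SAMPLE` is constructed.

```python
import re
from collections import Counter

# Constructed kmemleak report: addresses, pids, sizes and frames are sample values.
SAMPLE = """\
unreferenced object 0xffff888100aa0000 (size 2048):
  comm "modprobe", pid 1201, jiffies 4294901000 (age 31.200s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000aaaaaaaa>] __kmalloc_node+0x40/0x90
    [<00000000bbbbbbbb>] blk_mq_init_allocated_queue+0x1a0/0x600
unreferenced object 0xffff888100bb0000 (size 64):
  comm "systemd", pid 1, jiffies 4294800000 (age 400.100s)
  backtrace:
    [<00000000dddddddd>] kstrdup+0x30/0x60
    [<00000000eeeeeeee>] example_unrelated_alloc+0x20/0x80
unreferenced object 0xffff888100cc0000 (size 2048):
  comm "modprobe", pid 1201, jiffies 4294901002 (age 31.198s)
  backtrace:
    [<00000000ffffffff>] __kmalloc_node+0x40/0x90
    [<0000000011111111>] blk_mq_init_allocated_queue+0x1a0/0x600
"""

HEADER = re.compile(r"^unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
COMM = re.compile(r'^\s+comm "([^"]*)", pid (\d+)')
# Frames appear with or without a leading [<address>], depending on kernel version.
FRAME = re.compile(r"^\s+(?:\[<[0-9a-f]+>\]\s+)?([A-Za-z_][\w.]*)\+0x")

def parse_kmemleak(text):
    """Split a kmemleak report into records with address, size, comm, frames."""
    records, cur = [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            cur = {"addr": m[1], "size": int(m[2]), "comm": None, "frames": []}
            records.append(cur)
        elif cur and (m := COMM.match(line)):
            cur["comm"] = m[1]
        elif cur and (m := FRAME.match(line)):
            cur["frames"].append(m[1])  # hex dump and label lines never match
    return records

def leaks_through(records, symbol="blk_mq_init_allocated_queue"):
    """Return (matching records, total bytes, per-process counts) for symbol."""
    hits = [r for r in records if symbol in r["frames"]]
    return hits, sum(r["size"] for r in hits), Counter(r["comm"] for r in hits)

if __name__ == "__main__":
    hits, total, by_comm = leaks_through(parse_kmemleak(SAMPLE))
    print(f"{len(hits)} objects, {total} bytes via blk-mq init: {dict(by_comm)}")
```

On a kernel built with `CONFIG_DEBUG_KMEMLEAK`, the real report is read from `/sys/kernel/debug/kmemleak`.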