Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the OrangeFS module of the Linux kernel. When the module is inserted and then removed, certain kobjects are left unreferenced. The issue was observed in the 'orangefs_sysfs_init' function, where memory allocated for multiple kobjects is not properly released. The leaked objects were reported by the kernel's memory leak detector (kmemleak).
The vulnerability leads to a memory leak, where allocated memory is not properly freed, potentially causing increased memory usage and degradation of system performance over time.
To reproduce this vulnerability, load the OrangeFS module using 'insmod' and then remove it with 'rmmod'. After the module is removed, the kernel's memory leak detector will report unreferenced kobjects that were allocated during the 'orangefs_sysfs_init' process but were not properly released. This can be verified by checking the kmemleak logs, which will show the leaked objects and their details, such as the allocation size, the process ID, and a hex dump of the allocated memory.
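To check a captured kmemleak report (normally read from /sys/kernel/debug/kmemleak) for this specific leak, the following added example, which is not part of the advisory or the kernel source, groups the report into records and keeps those whose backtrace passes through 'orangefs_sysfs_init'. The sample report is constructed, and the helper names `parse_kmemleak` and `leaks_from` are hypothetical.

```python
import re

# Constructed sample in the kmemleak report layout. Addresses, pids, offsets
# and the third (unrelated) record are made up for illustration.
SAMPLE_REPORT = """\
unreferenced object 0xffff888100000a00 (size 64):
  comm "insmod", pid 783, jiffies 4294813439 (age 65.512s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000aaaaaaaa>] kmalloc_trace+0x27/0xa0
    [<00000000bbbbbbbb>] orangefs_sysfs_init+0x42/0x3a0 [orangefs]
    [<00000000cccccccc>] do_one_initcall+0x87/0x2a0
unreferenced object 0xffff888100000b00 (size 64):
  comm "insmod", pid 783, jiffies 4294813440 (age 65.511s)
  backtrace:
    [<00000000aaaaaaaa>] kmalloc_trace+0x27/0xa0
    [<00000000dddddddd>] orangefs_sysfs_init+0x9c/0x3a0 [orangefs]
unreferenced object 0xffff888100000c00 (size 128):
  comm "kworker/0:1", pid 12, jiffies 4294813999 (age 60.001s)
  backtrace:
    [<00000000eeeeeeee>] example_driver_probe+0x10/0x80
"""

HEADER = re.compile(r"^unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
COMM = re.compile(r'^\s+comm "([^"]*)", pid (\d+)')
FRAME = re.compile(r"^\s+\[<[0-9a-f]+>\]\s+([\w.]+)")

def parse_kmemleak(text):
    """Split a kmemleak report into one dict per unreferenced object."""
    records = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            records.append({"addr": m.group(1), "size": int(m.group(2)),
                            "comm": None, "pid": None, "frames": []})
        elif records and (m := COMM.match(line)):
            records[-1]["comm"], records[-1]["pid"] = m.group(1), int(m.group(2))
        elif records and (m := FRAME.match(line)):
            records[-1]["frames"].append(m.group(1))
    return records

def leaks_from(records, symbol="orangefs_sysfs_init"):
    """Return (records whose backtrace contains symbol, total leaked bytes)."""
    hits = [r for r in records if symbol in r["frames"]]
    return hits, sum(r["size"] for r in hits)

if __name__ == "__main__":
    hits, total = leaks_from(parse_kmemleak(SAMPLE_REPORT))
    for r in hits:
        print(f'{r["addr"]} size={r["size"]} comm={r["comm"]} pid={r["pid"]}')
    print(f"{len(hits)} objects, {total} bytes allocated via orangefs_sysfs_init")
```

On a patched kernel, the same check run after an insmod/rmmod cycle should return no records for this symbol.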
The vulnerability has been addressed in the official Linux kernel repository. Users can upgrade to the latest version of the kernel where this issue has been fixed.