Linux Kernel Memory Leak Vulnerability in set_mempolicy_home_node System Call

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's handling of the set_mempolicy_home_node system call. When the system call encounters a virtual memory area (VMA) with a policy other than MPOL_BIND or MPOL_PREFERRED_MANY, it returns an error without properly releasing the memory allocated for the policy. This oversight allows arbitrary users to leak kernel memory.
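
The error path described above, as a simplified userspace model in C (an added example, not the kernel's code and not part of the original advisory). The struct layouts, the helpers policy_new, policy_put, set_home_node and leaked_after, the live counter and the specific error values are assumptions of the model; fix_applied switches between the leaking and the corrected behaviour.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/* Userspace model only: the types and helpers below are hypothetical, not kernel code. */
enum mode { MPOL_DEFAULT, MPOL_PREFERRED, MPOL_BIND, MPOL_INTERLEAVE, MPOL_PREFERRED_MANY };
struct mempolicy { enum mode mode; int home_node; };
struct vma { struct mempolicy *policy; };
static long live; /* policy objects currently allocated */

static struct mempolicy *policy_new(enum mode m)
{
    struct mempolicy *p = malloc(sizeof(*p));
    if (p) { p->mode = m; p->home_node = -1; live++; }
    return p;
}
static void policy_put(struct mempolicy *p) { if (p) { free(p); live--; } }

/* fix_applied == 0 models the leaking error path, 1 the corrected one. */
static int set_home_node(struct vma *vmas, size_t n, int node, int fix_applied)
{
    for (size_t i = 0; i < n; i++) {
        if (!vmas[i].policy) continue;             /* VMA has no policy */
        struct mempolicy *new = policy_new(vmas[i].policy->mode);
        if (!new) return -ENOMEM;
        if (new->mode != MPOL_BIND && new->mode != MPOL_PREFERRED_MANY) {
            if (fix_applied) policy_put(new);      /* release the copy first */
            return -EOPNOTSUPP;                    /* otherwise it is orphaned */
        }
        new->home_node = node;
        policy_put(vmas[i].policy);                /* swap in the updated copy */
        vmas[i].policy = new;
    }
    return 0;
}

/* Policy objects left allocated after `calls` requests against one VMA. */
static long leaked_after(int calls, enum mode m, int fix_applied)
{
    long before = live;
    struct vma v = { policy_new(m) };
    for (int i = 0; i < calls; i++) set_home_node(&v, 1, 0, fix_applied);
    policy_put(v.policy);
    return live - before;
}

int main(void)
{
    for (int fix = 0; fix <= 1; fix++)
        printf("fix_applied=%d leaked=%ld\n", fix, leaked_after(1000, MPOL_INTERLEAVE, fix));
}
```

In the model, every rejected request without the release leaves one policy object allocated, so the count grows linearly with the number of failing calls; accepted policies never leak in either mode.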

Impact

Exploitation of this vulnerability can lead to unauthorized memory leakage from the kernel, potentially allowing users to access sensitive information or disrupt system operations.

Reproduction

To reproduce this vulnerability, invoke the set_mempolicy_home_node system call with a virtual memory area that has a memory policy other than MPOL_BIND or MPOL_PREFERRED_MANY. The system call will return an error, but the memory allocated for the policy will not be released, causing a memory leak.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.

Added: Sep 18, 2025, 3:45 PM
Updated: Sep 18, 2025, 3:45 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.