Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's block layer, specifically within the blk-mq component. This issue arises when the 'blk_mq_register_hctx' function fails during the registration process, leading to unreferenced objects that are not properly cleaned up. The vulnerability was discovered during fault injection testing, which revealed lingering objects that had not been accounted for. The problem occurs because the registration process can be interrupted, leaving some objects in a partially added state without a fallback mechanism to address the failure.
The vulnerability can lead to a memory leak, where allocated memory is not released, potentially causing increased memory usage and degradation of system performance over time.
The vulnerability can be reproduced by loading a kernel module that interacts with the block layer's request queues. During this process, fault injection can be applied to simulate a failure in the 'blk_mq_register_hctx' function. This will result in unreferenced objects being left in memory, which can be observed as a memory leak.
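The failure path described above, reduced to a user-space C model with an injected fault. This is an added example, not kernel code and not the upstream patch. `struct node`, `struct hctx`, `register_hctx`, `unregister_hctx` and `leaked_after_failure` are hypothetical names, and the parent-plus-children layout is an assumption standing in for the "partially added" objects.

```c
#include <stdlib.h>

#define NR_CTX 4                       /* constructed: children per parent */
struct node { void *entry; };          /* hypothetical stand-in for a registered object */
struct hctx { struct node self, ctx[NR_CTX]; };
static int live_objs, add_calls, fail_at;   /* fail_at: index of the add call that fails */

static int node_add(struct node *n)
{
    if (add_calls++ == fail_at || !(n->entry = malloc(16)))
        return -1;                     /* injected fault or real allocation failure */
    live_objs++;
    return 0;
}

static void node_del(struct node *n)
{
    live_objs -= (n->entry != NULL);   /* never-added nodes are ignored */
    free(n->entry);
    n->entry = NULL;
}

/* Delete children in reverse order, then the parent. */
static void unregister_hctx(struct hctx *h)
{
    for (int i = NR_CTX - 1; i >= 0; i--)
        node_del(&h->ctx[i]);
    node_del(&h->self);
}

/* Add the parent, then each child; unwind == 0 models the leaky error path. */
static int register_hctx(struct hctx *h, int unwind)
{
    int ret = node_add(&h->self);
    for (int i = 0; !ret && i < NR_CTX; i++)
        ret = node_add(&h->ctx[i]);
    if (ret && unwind)
        unregister_hctx(h);            /* roll back whatever was already added */
    return ret;
}

/* Objects still allocated after registration fails at add call inject_at. */
int leaked_after_failure(int inject_at, int unwind)
{
    struct hctx h = {0};
    live_objs = add_calls = 0;
    fail_at = inject_at;
    int leaked = register_hctx(&h, unwind) ? live_objs : 0;
    unregister_hctx(&h);               /* free so the model itself stays clean */
    return leaked;
}
```

Failing the fourth add call leaves the parent and two children allocated when the error path returns without rollback, and nothing when it unwinds.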
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.