Linux Kernel IOMMU Memory Leak Vulnerability in VT-d Handling

A memory leak vulnerability has been identified in the Linux kernel's IOMMU (Input-Output Memory Management Unit) handling, specifically within the VT-d (Virtualization Technology for Directed I/O) context. This issue affects several versions of the Linux kernel prior to a specific commit that removed the domain and device information memory pool. The vulnerability arises in the 'si_domain' initialization process, where a failure can lead to residual objects in the IOMMU domain cache. Although the problematic memory pool code has been removed, the 'si_domain' memory can still leak if the initialization fails. The vulnerability is triggered during the IOMMU domain setup process, where improper error handling allows memory to remain allocated without being properly released.

Impact

The vulnerability can lead to a memory leak, where allocated memory is not properly freed, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by initializing the IOMMU domain in a kernel version prior to the removal of the domain and devinfo mempool. During the initialization process, if an error occurs, the 'si_domain' memory is not properly cleaned up, leading to a memory leak. This can be observed by monitoring memory usage before and after the IOMMU domain initialization.

Remediation

Users can upgrade to a patched version of the Linux kernel that addresses this vulnerability. The latest stable version can be obtained from the official Linux kernel website or through the Linux distribution's package manager.