Linux Kernel Ext4 Memory Leak Vulnerability in Fast Commit Handling

A memory leak vulnerability has been identified in the Linux kernel's ext4 file system, specifically within the fast commit feature. The issue arises in the function responsible for recording modified inodes. When the memory allocation function 'krealloc' fails and returns NULL, the pointer to modified inodes is left in a NULL state. However, this NULL state prevents proper memory management, leading to a leak of the associated memory. This vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly freed, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by triggering the 'ext4_fc_record_modified_inode' function in a scenario where 'krealloc' fails to allocate memory. This can be done by filling up the inode modification tracking to the point where the function needs to reallocate memory, while simultaneously causing 'krealloc' to return NULL. This sequence of events will replicate the conditions that lead to the memory leak.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the patched version can be found in the Linux kernel documentation.