Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability exists in the Linux kernel's CIFS (Common Internet File System) implementation, specifically within the file range copying function. This issue arises when a file is used by swap; the function fails to properly manage the XID (transaction identifier) before returning an 'operation not supported' error, leading to an XID leak. The vulnerability is present in several versions of the Linux kernel.
The vulnerability causes a resource leak by not properly freeing the XID when a file is used by swap, which could lead to exhaustion of available XIDs.
To reproduce this vulnerability, enable swap on an SMB3 mount that uses the CIFS file system. When the 'cifs_copy_file_range' function is called on a file that is used by swap, it returns an 'operation not supported' error without freeing the XID, thus leaking it.
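The leak pattern described above, shown as an added userspace model rather than kernel source or the upstream patch. `get_xid()` and `free_xid()` are counter-based stand-ins named after the kernel helpers; `struct model_file`, `copy_range_leaky`, `copy_range_fixed` and `leaked_after` are hypothetical names introduced for this example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace stand-ins for the XID helpers: track how many XIDs are held. */
static int xids_in_flight;
static unsigned int next_xid;
static unsigned int get_xid(void) { xids_in_flight++; return ++next_xid; }
static void free_xid(unsigned int xid) { (void)xid; xids_in_flight--; }

/* Constructed model of an open file; only the swap flag matters here. */
struct model_file { bool used_by_swap; };

/* Leaky shape: the XID is taken first, and the early return on the
 * swap check leaves the function without releasing it. */
static int copy_range_leaky(const struct model_file *f)
{
    unsigned int xid = get_xid();
    if (f->used_by_swap)
        return -EOPNOTSUPP;   /* no free_xid() on this path */
    /* ... the range copy itself would run here ... */
    free_xid(xid);
    return 0;
}

/* Corrected shape: every exit after get_xid() passes one cleanup label. */
static int copy_range_fixed(const struct model_file *f)
{
    unsigned int xid = get_xid();
    int rc = 0;
    if (f->used_by_swap) {
        rc = -EOPNOTSUPP;
        goto out;
    }
    /* ... the range copy itself would run here ... */
out:
    free_xid(xid);
    return rc;
}

/* Call fn n times on a swap-backed file; return how many XIDs stay held. */
static int leaked_after(int (*fn)(const struct model_file *), int n)
{
    struct model_file swapf = { .used_by_swap = true };
    int before = xids_in_flight;
    for (int i = 0; i < n; i++)
        fn(&swapf);
    return xids_in_flight - before;
}

int main(void)
{
    printf("leaky: %d held, fixed: %d held\n",
           leaked_after(copy_range_leaky, 5), leaked_after(copy_range_fixed, 5));
    return 0;
}
```

Both variants return the same error to the caller, so the leak is only visible by tracking outstanding XIDs, not by checking the return value.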
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version can be found in the Linux kernel documentation.