Linux Kernel Virtio-Crypto Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's virtio-crypto component, specifically within the 'virtio_crypto_alg_skcipher_close_session()' function. The function allocates the 'vc_ctrl_req' control request but does not free it when an error status is encountered, so the allocation is leaked on that path.

Impact

Exploitation of this vulnerability causes a memory leak, which can lead to increased memory usage and potential exhaustion of system resources over time.

Reproduction

The vulnerability can be reproduced by invoking the 'virtio_crypto_alg_skcipher_close_session()' function with a control status that indicates an error. The function will log the error status and session ID, but fail to release the allocated 'vc_ctrl_req' control request, resulting in a memory leak.
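
The error path described above, modeled in userspace as an added example; it is not the kernel's code or the upstream patch. All names (ctrl_req, leaky_close, fixed_close, live_reqs, the STATUS_* values) are hypothetical, and the failing status is constructed input.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: every name below is hypothetical, not kernel code. */
enum { STATUS_OK = 0, STATUS_ERR = 1 };
struct ctrl_req { unsigned status; unsigned long long session_id; };
static long live_reqs; /* control requests allocated and not yet freed */
static struct ctrl_req *req_alloc(unsigned long long id, unsigned status)
{
    struct ctrl_req *r = calloc(1, sizeof(*r));
    if (r) { r->session_id = id; r->status = status; live_reqs++; }
    return r; /* status is constructed: what the "device" reports back */
}
static void req_free(struct ctrl_req *r) { free(r); live_reqs--; }
/* Leaky shape: the error branch returns directly, so the free is skipped. */
static int leaky_close(unsigned long long id, unsigned status)
{
    struct ctrl_req *r = req_alloc(id, status);
    if (!r) return -ENOMEM;
    /* The path on the page logs status and session ID at this point. */
    if (r->status != STATUS_OK) return -EINVAL; /* r is never released */
    req_free(r);
    return 0;
}

/* Corrected shape: every path after the allocation reaches the one free. */
static int fixed_close(unsigned long long id, unsigned status)
{
    struct ctrl_req *r = req_alloc(id, status);
    if (!r) return -ENOMEM;
    int err = (r->status != STATUS_OK) ? -EINVAL : 0;
    req_free(r);
    return err;
}

/* Issue n failing closes; return how many requests remain allocated. */
static long leaked_after(int (*fn)(unsigned long long, unsigned), int n)
{
    long before = live_reqs;
    for (int i = 0; i < n; i++)
        fn((unsigned long long)i, STATUS_ERR);
    return live_reqs - before;
}

int main(void)
{
    printf("leaky: %ld, fixed: %ld\n", leaked_after(leaky_close, 8), leaked_after(fixed_close, 8));
    return 0;
}
```

The leaked count grows by one per failed close in the leaky shape and stays at zero in the corrected one, which is why the impact accumulates over time.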

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is available in the Linux kernel stable tree.

Added: Dec 24, 2025, 1:30 PM
Updated: Dec 24, 2025, 1:30 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.0
exploitability: 5.7
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.