Linux Kernel vhost-vdpa IOTLB Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the vhost-vdpa component of the Linux kernel. This issue arises from improper handling of the IOTLB (I/O Translation Lookaside Buffer) during the release process. After a recent commit that modified IOTLB management, some necessary cleanup code was inadvertently removed. Although a partial fix was applied, a potential memory leak remains, as indicated by kmemleak, if the application fails to send a VHOST_IOTLB_INVALIDATE message or crashes. The leaked memory corresponds to an unreferenced object allocated when processing user IOTLB messages, which can accumulate over time and lead to resource exhaustion.

Impact

Exploitation of this vulnerability can cause a memory leak, where allocated memory is not properly released, potentially leading to increased memory usage and exhaustion of system resources over time.

Reproduction

The vulnerability can be reproduced by using a vDPA (Virtual Device Pass-Through) device with the 'use_va' option enabled, such as VDUSE. The 'blkio-bench' application can be used to trigger the issue by writing IOTLB messages without invalidating them, allowing the memory leak to occur.
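To check whether a test host shows this leak, the kmemleak report can be filtered for unreferenced objects whose allocation backtrace runs through the IOTLB code. The Python below is an added example, not code from this advisory or from the kernel project; the report text is constructed, and matching on the `vhost_iotlb` frame prefix is an assumption about how the allocation appears in the backtrace.

```python
import re
# Constructed kmemleak report: addresses, pids, offsets and frame names are sample values.
SAMPLE = '''\
unreferenced object 0xffff888100a1c000 (size 64):
  comm "blkio-bench", pid 4121, jiffies 4294901123
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00  ................
  backtrace:
    [<00000000a1b2c3d4>] kmalloc_trace+0x2a/0xb0
    [<00000000b2c3d4e5>] vhost_iotlb_add_range_ctx+0x98/0x390
unreferenced object 0xffff888100a1c040 (size 64):
  comm "blkio-bench", pid 4121, jiffies 4294901130
  backtrace (crc 5e1f00d):
    vhost_iotlb_add_range_ctx+0x98/0x390
unreferenced object 0xffff88810bb00000 (size 128):
  comm "kworker/0:1", pid 17, jiffies 4294900001
  backtrace:
    [<00000000d4e5f607>] example_probe+0x41/0x100
'''

HEADER = re.compile(r"^unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
COMM = re.compile(r'^\s+comm "([^"]*)", pid (\d+)')
# Frame lines appear with or without a leading [<address>] depending on kernel version.
FRAME = re.compile(r"^\s+(?:\[<[0-9a-f]+>\]\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_kmemleak(text):
    """Split a kmemleak report into records: addr, size, comm, pid, frames."""
    records = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            records.append({"addr": m[1], "size": int(m[2]), "comm": None, "pid": None, "frames": []})
        elif records and (m := COMM.match(line)):
            records[-1].update(comm=m[1], pid=int(m[2]))
        elif records and (m := FRAME.match(line)):
            records[-1]["frames"].append(m[1])
    return records

def iotlb_leaks_by_process(records, marker="vhost_iotlb"):
    """Return {(comm, pid): (object count, bytes)} for leaks with an IOTLB frame."""
    totals = {}
    for r in records:
        if any(marker in f for f in r["frames"]):
            key = (r["comm"], r["pid"])
            n, size = totals.get(key, (0, 0))
            totals[key] = (n + 1, size + r["size"])
    return totals

if __name__ == "__main__":
    print(iotlb_leaks_by_process(parse_kmemleak(SAMPLE)))
```

On a kernel built with CONFIG_DEBUG_KMEMLEAK, pass the contents of /sys/kernel/debug/kmemleak to parse_kmemleak in place of SAMPLE; a count that keeps growing across runs of the vDPA workload points to entries that were never invalidated.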

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Dec 24, 2025, 5:29 PM
Updated: Dec 24, 2025, 5:29 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.