Linux Kernel RISC-V Kexec ELF Header Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's handling of ELF headers during the kexec process on RISC-V architectures. When a kernel image is loaded using kexec, a buffer for the ELF headers is allocated but not properly freed if the kdump kernel fails to load. This oversight leads to unreferenced memory, as reported by the kmemleak detector. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability causes a memory leak, where allocated memory for ELF headers is not released, potentially leading to increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by loading a kernel image using the kexec_file_load system call on a RISC-V architecture. If the kdump kernel fails to load after the ELF headers have been set, the allocated memory for the headers will not be freed, creating a memory leak. This can be observed using the kmemleak detector, which will report the unreferenced memory as a memory leak.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version can be found in the Linux kernel documentation.