Linux Kernel OCFS2 Memory Leak Vulnerability in Volume Mounting

A memory leak vulnerability has been identified in the OCFS2 file system component of the Linux kernel. This issue arises in the 'ocfs2_mount_volume' function, where the 'replay_map' memory is not properly freed under certain error conditions. Specifically, if 'ocfs2_truncate_log_init' fails or if 'd_make_root' returns an error during the volume mounting process, the allocated memory for 'replay_map' remains unreferenced, leading to a memory leak. The problem has been documented by 'kmemleak', which reported an unreferenced object associated with the OCFS2 mounting process.

Impact

The vulnerability causes a memory leak, where allocated memory is not properly released, potentially leading to increased memory usage and exhaustion over time.

Reproduction

The vulnerability can be reproduced by mounting an OCFS2 volume in a way that triggers an error during the initialization process. This can be done by simulating a failure in the 'ocfs2_truncate_log_init' function or by causing 'd_make_root' to return an error, both of which will result in the 'replay_map' memory not being freed as intended.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version of the stable Linux kernel to apply the fix.