Linux Kernel DMA-Buf/DMA-Resv Memory Leak Vulnerability on Krealloc Failure

Vulnerability

A vulnerability in the Linux kernel's DMA-buf and DMA-resv subsystems can lead to a memory leak. This issue occurs in the 'dma_resv_get_fences()' function, which fails to properly manage memory when the fence iteration is restarted and a reallocation of the fence array is needed. If the reallocation fails, the function does not free the old array, causing a memory leak. Additionally, some callers of 'dma_resv_get_fences()' may still access the array even after a failure, potentially leading to use-after-free errors.
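The failure mode described above, as an added userspace model in C. It is not the kernel's code or the upstream patch. The helper names ('grow_array', 'drop_array', 'get_entries_leaky', 'get_entries_fixed') and the fault-injection switch are hypothetical, and the leaky variant assumes the array pointer is overwritten directly with the reallocation result.

```c
#include <errno.h>
#include <stdlib.h>

/* Userspace model; all names are hypothetical, not kernel code. */
static int live_blocks;    /* arrays currently allocated */
static int fail_next_grow; /* constructed fault injection for one call */

static void drop_array(void *p)
{
    live_blocks -= (p != NULL);
    free(p);
}

/* Stand-in for krealloc_array(): on failure the old block stays allocated. */
static void *grow_array(void *old, size_t n, size_t size)
{
    void *p = NULL;
    if (n == 0)
        drop_array(old);
    else if (fail_next_grow || n > (size_t)-1 / size)
        fail_next_grow = 0;
    else if ((p = realloc(old, n * size)) && !old)
        live_blocks++;
    return p;
}

/* Leaky: the only reference to the old array is overwritten with NULL. */
int get_entries_leaky(void ***arr, unsigned int *num, size_t count)
{
    *arr = grow_array(*arr, count, sizeof(void *));
    if (count && !*arr)
        return -ENOMEM;     /* old array is unreachable, *num is stale */
    *num = (unsigned int)count;
    return 0;
}

/* Hardened: keep the old pointer until success; on failure free it and zero the outputs. */
int get_entries_fixed(void ***arr, unsigned int *num, size_t count)
{
    void **grown = grow_array(*arr, count, sizeof(void *));
    if (count && !grown) {
        drop_array(*arr);   /* release the array we still own */
        *arr = NULL;        /* callers that ignore the error see an empty result */
        *num = 0;
        return -ENOMEM;
    }
    *arr = grown;
    *num = (unsigned int)count;
    return 0;
}
```

After a failed grow, the leaky variant leaves one block allocated with no pointer to it and a stale element count, while the hardened variant leaves nothing allocated and reports zero elements.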

Impact

This vulnerability can cause a memory leak, where previously allocated memory is not properly freed, leading to increased memory usage and potential exhaustion of system resources.

Reproduction

The vulnerability can be reproduced by calling the 'dma_resv_get_fences()' function in a way that restarts the fence iteration and causes the 'krealloc_array()' function to fail. This triggers the memory leak: the old array remains allocated and is never freed, while the new array is not properly initialized.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The patch is available in the Linux kernel stable tree.

Added: Sep 15, 2025, 2:58 PM
Updated: Sep 15, 2025, 8:56 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.