Linux Kernel VXLAN Component Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's VXLAN implementation. The issue arises because memory allocated by the function 'vxlan_vnigroup_init()' is not properly released in the event of an error, leading to unaddressed memory leaks. This vulnerability can be reproduced by injecting errors into the 'gro_cells_init()' function, which triggers the memory allocation without proper cleanup, causing the leaked memory to remain unreferenced.

Impact

Exploitation of this vulnerability leads to memory leaks, where allocated memory is not freed, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by first annotating the 'gro_cells_init()' function with 'ALLOW_ERROR_INJECTION()'. Then, inject an error by setting the failure probability to 100% and specifying that the 'gro_cells_init' function should fail with a return value indicating an error. After injecting the error, attempt to add a VXLAN network interface, which will fail due to the injected error, but not before causing a memory leak by not releasing the allocated resources.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.