Linux Kernel CIFS Client Memory Leak Vulnerability in SMB3 Mount Function

Vulnerability

A memory leak has been identified in the Linux kernel's CIFS (Common Internet File System) client, specifically in the SMB3 (Server Message Block version 3) mount path. The issue affects the stable versions of the Linux kernel. It arises in the 'cifs_smb3_do_mount' function, where the 'cifs_sb_info' structure is allocated but, under certain conditions, not freed.
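The leak class described above, as an added userspace model that is not kernel code and not the upstream fix. The advisory does not say which condition skips the free, so the failing setup step is an assumption, and every identifier in the block is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: every name below is hypothetical, not a kernel identifier. */
static int live_allocs;                       /* allocations not yet freed */
static void *model_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void model_free(void *p) { if (p) { live_allocs--; free(p); } }
struct sb_info_model { int ready; };          /* stand-in for the per-mount info structure */

/* Assumed setup step that can fail after the structure has been allocated. */
static int setup_step(struct sb_info_model *sb, int fail)
{
    sb->ready = !fail;
    return fail ? -1 : 0;
}

/* Leak pattern: the error path returns without releasing sb. */
int mount_leaky(int fail)
{
    struct sb_info_model *sb = model_alloc(sizeof(*sb));
    if (!sb) return -1;
    if (setup_step(sb, fail) != 0)
        return -1;                            /* sb is lost here */
    model_free(sb);                           /* success: model an immediate unmount */
    return 0;
}

/* Corrected pattern: every exit after the allocation passes through the free. */
int mount_fixed(int fail)
{
    struct sb_info_model *sb = model_alloc(sizeof(*sb));
    if (!sb) return -1;
    int rc = setup_step(sb, fail);
    model_free(sb);                           /* failure cleanup; on success, the modelled unmount */
    return rc;
}

/* Run `rounds` mount attempts and return how many allocations are still live. */
int leaked_after(int (*fn)(int), int fail, int rounds)
{
    live_allocs = 0;
    for (int i = 0; i < rounds; i++) fn(fail);
    return live_allocs;
}

int main(void)
{
    printf("unfixed=%d fixed=%d\n", leaked_after(mount_leaky, 1, 100), leaked_after(mount_fixed, 1, 100));
    return 0;
}
```

Each failed attempt in the unfixed variant strands one structure, so the live count grows linearly with the number of failed mounts.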

Impact

Exploitation of this vulnerability leaves allocated memory unreleased, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by mounting a CIFS share using the SMB3 protocol. During the mounting process, the 'cifs_smb3_do_mount' function is called, which contains the logic that introduces the memory leak. The kernel test robot reported a warning for this code, indicating the presence of the memory leak.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is available in the Linux kernel stable tree.

Added: Sep 15, 2025, 5:30 PM
Updated: Sep 15, 2025, 5:30 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.