Linux Kernel Memory Leak Vulnerability in Debugfs Lookup Handling

A memory leak vulnerability has been identified in the Linux kernel's handling of debugfs_lookup() in versions prior to 6.2.16. When debugfs_lookup() is called, the returned result must be released with dput() to prevent memory leakage over time. The vulnerability arises because this necessary cleanup was not performed, leading to a gradual increase in memory usage. The issue can be exploited by creating and removing debugfs files in a loop, which causes the memory leak to accumulate. The vulnerability has been addressed by modifying the code to use debugfs_lookup_and_remove(), a function that automatically manages the lookup and cleanup process, thereby eliminating the memory leak.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, causing increased memory usage over time. This can potentially lead to memory exhaustion, where the system runs out of available memory resources.

Reproduction

The vulnerability can be reproduced by calling debugfs_lookup() without the corresponding dput() to release the memory. This can be done in a loop, repeatedly creating and removing debugfs files, which will cause the memory leak to accumulate. The leaked memory can be observed using memory monitoring tools, which will show an increase in memory usage that is not released back to the system.

Remediation

Users can upgrade to Linux kernel versions 6.2.16 or later, where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the documentation for the specific Linux distribution in use.