Linux Kernel Memory Leak Vulnerability in Objtool Static Call Handling

A memory leak vulnerability has been identified in the Linux kernel's objtool component, specifically within the create_static_call_sections function. This issue arises because the strdup function allocates memory for the key_name variable, and the allocated memory is not properly released in certain error scenarios. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not freed, potentially causing increased memory usage over time.

Reproduction

The vulnerability can be reproduced by invoking the create_static_call_sections function in objtool with a key_name that triggers one of the error paths. This can be done by crafting a static call trampoline name that is malformed or by ensuring that the static_call_key symbol cannot be found, which will cause the function to return an error without freeing the allocated memory.

Remediation

The vulnerability has been addressed in the Linux kernel stable tree. Users can upgrade to the latest version to mitigate this issue.