Linux Kernel UBIFS Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's UBIFS (Unsorted Block Image File System) implementation. This issue arises in the 'alloc_wbufs' function, where the 'ubifs_wbuf_init' function can return an error after some memory has already been allocated. In such cases, the previously allocated memory for write buffers and inodes is not freed, leading to a memory leak. The vulnerability was reported by 'kmemleak', which detected unreferenced objects that were not properly released.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not freed, potentially causing increased memory usage and exhaustion over time.

Reproduction

The vulnerability can be reproduced by mounting a UBIFS file system in a way that triggers the 'ubifs_wbuf_init' function to return an error. This can be done by creating a scenario where the initialization process fails after some buffers have already been allocated, such as by simulating a low-memory condition or by modifying the UBIFS initialization process to introduce a failure after partial allocation.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for upgrading the Linux kernel can be found in the official Linux kernel documentation.