Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the CIFS (Common Internet File System) component of the Linux kernel has been addressed. The issue was a memory leak of MID (Message Identifier) entries during the reconnection that follows a timeout. When the number of responses carrying STATUS_IO_TIMEOUT exceeds a certain threshold, the connection is reestablished. On that path, however, neither the MID nor the credits associated with it were returned, which could leave the server's in-flight request count inaccurate and leak MID entries. The fix adjusts the reconnection process to handle MIDs properly and renames the timeout threshold variable to better reflect its purpose.
The vulnerability could lead to a memory leak of MID entries, causing an accumulation of unreturned MIDs that could eventually exhaust system resources.
The vulnerability can be reproduced by allowing the number of STATUS_IO_TIMEOUT responses to exceed the threshold of five. This will trigger a reconnection process that fails to return the MID or the associated credits, creating a leak in the MID management system.
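The accounting error described above can be seen in a small user-space model. This is an added example, not kernel code: the `conn` struct, the function names and `IO_TIMEOUT_THRESHOLD` are hypothetical, and restarting the timeout counter after a reconnect is a modelling assumption.

```c
#include <stdbool.h>
#include <stdio.h>

#define IO_TIMEOUT_THRESHOLD 5 /* "threshold of five"; the name is hypothetical */

struct conn {        /* hypothetical stand-in for the client's per-server state */
    int credits;     /* credits available for new requests */
    int in_flight;   /* requests counted as awaiting a response */
    int mids;        /* MID entries currently allocated */
    int io_timeouts; /* STATUS_IO_TIMEOUT responses since the last reconnect */
    int reconnects;
};

/* Sending a request allocates a MID, spends a credit and counts as in flight. */
static void send_request(struct conn *c) { c->mids++; c->credits--; c->in_flight++; }

/* Completing a response returns the MID and its credit. */
static void release_mid(struct conn *c) { c->mids--; c->credits++; c->in_flight--; }

/* Handle one STATUS_IO_TIMEOUT response; fixed=false models the leaking path. */
static void on_io_timeout(struct conn *c, bool fixed)
{
    bool reconnect = ++c->io_timeouts > IO_TIMEOUT_THRESHOLD;

    /* The leaking path skips the release when the reconnect is triggered. */
    if (!reconnect || fixed)
        release_mid(c);
    if (reconnect) {
        c->reconnects++;
        c->io_timeouts = 0; /* modelling assumption: counter restarts */
    }
}

/* Send n requests that all time out and return the final accounting. */
static struct conn run(int n, bool fixed)
{
    struct conn c = { .credits = n };
    for (int i = 0; i < n; i++) {
        send_request(&c);
        on_io_timeout(&c, fixed);
    }
    return c;
}

int main(void)
{
    struct conn bad = run(30, false), good = run(30, true);
    printf("leaking: mids=%d in_flight=%d credits=%d reconnects=%d\n",
           bad.mids, bad.in_flight, bad.credits, bad.reconnects);
    printf("fixed:   mids=%d in_flight=%d credits=%d reconnects=%d\n",
           good.mids, good.in_flight, good.credits, good.reconnects);
    return 0;
}
```

In the leaking variant every reconnect strands one MID, one credit and one in-flight count, so the drift grows with the number of reconnects rather than with the number of requests.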
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.