Linux Kernel SKB Memory Leak Vulnerability in Timestamping Function

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's handling of socket buffers (SKBs) within the __skb_tstamp_tx() function. This issue arises from a previous fix for zerocopy SKBs, which inadvertently created a new leak. When skb_orphan_frags_rx() fails, __skb_tstamp_tx() returns without freeing the cloned SKB, leading to a memory leak. This vulnerability affects the Linux kernel stable tree and has been addressed in versions through 6.4.0.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated SKBs are not properly freed, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by triggering the __skb_tstamp_tx() function in a scenario where skb_orphan_frags_rx() fails. This can be done by manipulating the conditions under which SKBs are processed, such as using zerocopy SKBs that require timestamping. When skb_orphan_frags_rx() fails to handle the SKB, __skb_tstamp_tx() exits without freeing the cloned SKB, and that clone is the leaked memory.
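The leak described above, reduced to a userspace C model (an added example, not kernel source or the upstream patch). All model_* and tstamp_tx_* names and the fixed-size pool are hypothetical stand-ins, and the failure of the orphan step is forced by a flag.

```c
#include <stdio.h>
/* Userspace model, not kernel code: every name here is hypothetical. */
#define POOL 32
static struct model_skb { int in_use, zerocopy; } pool[POOL]; /* toy allocator */
static struct model_skb *model_clone(const struct model_skb *orig) {
    for (int i = 0; i < POOL; i++)
        if (!pool[i].in_use) {
            pool[i] = (struct model_skb){ 1, orig->zerocopy };
            return &pool[i];
        }
    return NULL;                      /* pool exhausted */
}
static void model_free(struct model_skb *skb) { skb->in_use = 0; }
/* Stand-in for skb_orphan_frags_rx(): nonzero means failure. */
static int model_orphan_frags(const struct model_skb *skb, int force_fail) {
    return (skb->zerocopy && force_fail) ? -1 : 0;
}

/* Leaky shape: the error path returns while still owning the clone. */
static void tstamp_tx_leaky(const struct model_skb *orig, int force_fail) {
    struct model_skb *skb = model_clone(orig);
    if (!skb) return;
    if (model_orphan_frags(skb, force_fail))
        return;                       /* clone is never released */
    model_free(skb);                  /* models the normal hand-off */
}

/* Fixed shape: release the clone before leaving on the error path. */
static void tstamp_tx_fixed(const struct model_skb *orig, int force_fail) {
    struct model_skb *skb = model_clone(orig);
    if (!skb) return;
    if (model_orphan_frags(skb, force_fail)) {
        model_free(skb);
        return;
    }
    model_free(skb);
}

/* Call one variant n times with the failure forced; count clones left live. */
static int leaked_after(void (*fn)(const struct model_skb *, int), int n) {
    struct model_skb orig = { 0, 1 };  /* constructed zerocopy SKB */
    int live = 0;
    for (int i = 0; i < POOL; i++) pool[i].in_use = 0;
    for (int i = 0; i < n; i++) fn(&orig, 1);
    for (int i = 0; i < POOL; i++) live += pool[i].in_use;
    return live;
}
int main(void) {
    printf("leaky=%d fixed=%d\n", leaked_after(tstamp_tx_leaky, 10), leaked_after(tstamp_tx_fixed, 10));
}
```

In the model, once the leaky variant has consumed every pool slot, further clones fail, which mirrors the gradual resource exhaustion the Impact section describes.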

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel official website.

Added: Oct 22, 2025, 2:44 PM
Updated: Oct 22, 2025, 2:44 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.