Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A memory leak vulnerability has been identified in the Linux kernel's KCM (Kernel Connection Multiplexor) module, specifically in the `kcm_sendmsg()` function for SOCK_DGRAM sockets. The function does not properly clean up the queue of fragments accumulated under MSG_MORE when an error occurs, so the queued buffers are neither freed nor delivered, which leads to data transmission problems. The issue was found by syzkaller, a kernel fuzzer, which showed that the SOCK_DGRAM error path was incomplete. Although the issue has not been widely reported, it can be safely addressed by changing the error handling to flush the pending message queue, as UDP already does for its pending frames.
The vulnerability can cause a memory leak and disrupt the message transmission process over SOCK_DGRAM sockets, potentially leading to data loss or corruption.
The vulnerability can be reproduced by sending a message over a SOCK_DGRAM socket through the KCM module. If an error occurs during transmission, `kcm_sendmsg()` fails to handle it properly and leaves the MSG_MORE queue in an inconsistent state. This can be observed by monitoring message delivery over the socket, which becomes inconsistent because of the faulty error handling.
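The failure mode described above, as an added userspace model rather than code from the kernel or from this advisory: a toy datagram socket holds back fragments while MSG_MORE is set, one variant of the send path returns on error without touching that queue, and the other purges it the way UDP flushes its pending frames. The socket structure, `MODEL_MSG_MORE`, `sendmsg_unfixed`, `sendmsg_fixed` and `run_scenario` are all constructed for this illustration and do not correspond to kernel identifiers; the error is injected deliberately via a test hook.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed flag value for this model only; stands in for MSG_MORE, not the real constant. */
#define MODEL_MSG_MORE 0x1

struct frag {
    size_t len;
    struct frag *next;
};

/* Simplified stand-in for a datagram socket that holds back fragments while MSG_MORE is set. */
struct dgram_sock {
    struct frag *pending;    /* fragments queued by MSG_MORE, oldest first */
    size_t live_frags;       /* fragments currently allocated (our kmemleak stand-in) */
    int fail_next_transmit;  /* test hook: force the next transmit() to fail */
    size_t last_sent;        /* payload length of the last datagram handed to the wire */
};

static int queue_frag(struct dgram_sock *sk, size_t len)
{
    struct frag *f = malloc(sizeof(*f));
    if (!f)
        return -ENOMEM;
    f->len = len;
    f->next = NULL;
    struct frag **tail = &sk->pending;
    while (*tail)
        tail = &(*tail)->next;
    *tail = f;
    sk->live_frags++;
    return 0;
}

/* Frees every queued fragment: the equivalent of UDP flushing its pending frames. */
static void purge_pending(struct dgram_sock *sk)
{
    while (sk->pending) {
        struct frag *f = sk->pending;
        sk->pending = f->next;
        free(f);
        sk->live_frags--;
    }
}

/* Hands the whole queue to the wire as one datagram, or fails before consuming it. */
static int transmit(struct dgram_sock *sk)
{
    if (sk->fail_next_transmit) {
        sk->fail_next_transmit = 0;
        return -EPIPE;
    }
    size_t total = 0;
    for (struct frag *f = sk->pending; f; f = f->next)
        total += f->len;
    sk->last_sent = total;
    purge_pending(sk);
    return 0;
}

/* Error path as the advisory describes it: the queue is left untouched on failure. */
static int sendmsg_unfixed(struct dgram_sock *sk, size_t len, int flags)
{
    int err = queue_frag(sk, len);
    if (err)
        return err;
    if (flags & MODEL_MSG_MORE)
        return 0;
    return transmit(sk); /* on error the queued fragments stay allocated and queued */
}

/* Corrected error path: a failed datagram send discards everything that was pending. */
static int sendmsg_fixed(struct dgram_sock *sk, size_t len, int flags)
{
    int err = queue_frag(sk, len);
    if (err)
        goto out_error;
    if (flags & MODEL_MSG_MORE)
        return 0;
    err = transmit(sk);
    if (err)
        goto out_error;
    return 0;
out_error:
    purge_pending(sk);
    return err;
}

struct scenario_result {
    int error;                    /* value returned by the failed send (expected -EPIPE) */
    size_t retained_after_error;  /* fragments still allocated right after the failed send */
    size_t next_sent;             /* length of the next datagram that actually goes out */
};

/* Builds a three-part message with MSG_MORE, fails the final send, then sends an unrelated 10-byte message. */
static struct scenario_result run_scenario(int (*sendmsg)(struct dgram_sock *, size_t, int))
{
    struct dgram_sock sk;
    struct scenario_result r;
    memset(&sk, 0, sizeof(sk));
    sendmsg(&sk, 100, MODEL_MSG_MORE);
    sendmsg(&sk, 50, MODEL_MSG_MORE);
    sk.fail_next_transmit = 1;
    r.error = sendmsg(&sk, 25, 0);
    r.retained_after_error = sk.live_frags;
    sendmsg(&sk, 10, 0);
    r.next_sent = sk.last_sent;
    purge_pending(&sk); /* tidy up the model socket */
    return r;
}

int main(void)
{
    struct scenario_result u = run_scenario(sendmsg_unfixed);
    struct scenario_result f = run_scenario(sendmsg_fixed);
    printf("unfixed: err=%d retained=%zu next_datagram=%zu\n", u.error, u.retained_after_error, u.next_sent);
    printf("fixed:   err=%d retained=%zu next_datagram=%zu\n", f.error, f.retained_after_error, f.next_sent);
    return 0;
}
```

With the unfixed path, the three fragments (175 bytes) remain allocated after the caller has been told the send failed, and the next unrelated 10-byte message goes out as a 185-byte datagram carrying the stale data; with the fixed path nothing is retained and the next datagram is exactly 10 bytes. An allocation counter such as `live_frags` is the same signal kmemleak provides in the kernel: resources still held after the operation that owned them has returned an error.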
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel Git repository.