Linux Kernel io_uring Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's io_uring component. When provided buffers are removed, the associated io_buffer structures are not properly disposed of, leading to a memory leak. These structures cannot be freed individually as they are allocated in groups the size of a page. Instead, they must be added to a free list, such as io_buffers_cache. While all callers except those destroying buffers already hold the necessary lock, this lock had to be extended during the buffer destruction process.

Impact

The vulnerability causes a memory leak, where allocated buffers are not properly freed, potentially leading to increased memory usage and exhaustion over time.

Reproduction

The vulnerability can be reproduced by using io_uring to manage buffers. When buffers are removed, the io_buffer structs are not disposed of correctly, creating a memory leak. This issue can be observed by monitoring memory usage during the removal of buffers from io_uring.

Remediation

Users can apply the patch available in the Linux kernel stable tree to address this vulnerability. The patch is included in the commit referenced by the CVE ID.