Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's Kernel Connection Multiplexor (KCM) module, specifically within the 'kcm_sendmsg()' function. This issue arises when an error occurs after some bytes have been copied, leaving the 'last_skb' reference unupdated. Consequently, a subsequent call to 'kcm_sendmsg()' uses an outdated reference, corrupting the 'head' fragment list and causing a memory leak. The vulnerability affects several versions of the Linux kernel.
Exploitation of this vulnerability leads to a memory leak, where unreferenced objects are not properly released, potentially causing increased memory usage and degradation of system performance over time.
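The stale-cursor mechanism described above can be seen in a simplified user-space model. This is an added example, not kernel code and not the upstream patch: `struct buf`, `struct msg`, `model_send()` and `leaked_after_partial_error()` are hypothetical names, and the `fixed` branch assumes the remedy is to refresh the cached cursor on the error path, as the description implies.

```c
#include <stdio.h>
#include <stdlib.h>

struct buf { struct buf *next; };         /* stands in for one skb */
struct msg { struct buf *head, *last; };  /* 'head' chain plus cached tail cursor ('last_skb') */

static int allocated;                     /* buffers handed out in the current run */

static struct buf *buf_new(void)
{
    struct buf *b = calloc(1, sizeof(*b));
    if (!b) abort();
    allocated++;
    return b;
}

/* Append n buffers after the cached cursor. fail != 0 models an error raised
 * after those bytes were copied; fixed != 0 refreshes the cursor on that path. */
static int model_send(struct msg *m, int n, int fail, int fixed)
{
    struct buf *cur = m->last;
    for (int i = 0; i < n; i++) {
        struct buf *b = buf_new();
        cur->next = b;                    /* overwrites any existing link */
        cur = b;
    }
    if (fail) {
        if (fixed && n > 0)
            m->last = cur;                /* cursor follows what was appended */
        return -1;                        /* unfixed: m->last is now stale */
    }
    m->last = cur;
    return n;
}

/* Buffers allocated but no longer reachable from head after: ok, error, ok. */
int leaked_after_partial_error(int fixed)
{
    struct msg m;
    int reachable = 0;
    allocated = 0;
    m.head = m.last = buf_new();
    model_send(&m, 2, 0, fixed);          /* partial message, succeeds */
    model_send(&m, 3, 1, fixed);          /* error after 3 buffers were linked */
    model_send(&m, 1, 0, fixed);          /* next call resumes from m->last */
    for (struct buf *b = m.head, *nx; b; b = nx) { nx = b->next; free(b); reachable++; }
    return allocated - reachable;
}

int main(void)
{
    printf("stale cursor: %d leaked, refreshed cursor: %d leaked\n",
           leaked_after_partial_error(0), leaked_after_partial_error(1));
    return 0;
}
```

With the stale cursor, the third call relinks from the old tail and the three buffers appended during the failed call become unreachable, which is the leak pattern the description attributes to the corrupted 'head' fragment list.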
The vulnerability can be reproduced by sending a message through a KCM socket that triggers an error after some data has been copied. This can be done using a tool like Syzkaller, which is designed to find and report bugs in the Linux kernel. Syzkaller will execute a process that sends messages over a KCM socket, simulating the conditions that cause the memory leak.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The specific commit that addresses this issue is 'c821a88bd720b0046433173185fd841a100d44ad', which is available in the Linux kernel stable tree.