Linux Kernel Autofs Memory Leak Vulnerability in Catatonic Mode

A memory leak vulnerability has been identified in the Linux kernel's autofs component, specifically within the 'catatonic mode' handling. This issue arises when waitqueue structures are not properly freed, leading to unreferenced objects remaining in memory. The vulnerability is present in the stable versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by performing an 'AUTOFS_IOC_EXPIRE_MULTI' ioctl operation, which triggers the allocation of a waitqueue structure. If this operation is interrupted, the waitqueue's reference count is not correctly managed, allowing the structure to persist in memory without being freed. This behavior can be observed in the autofs waitq and expire handling functions.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.