Linux Kernel IB/iSCSI Connection Management Vulnerability Causes Resource Leaks

Vulnerability

A vulnerability has been identified in the Linux kernel's iSCSI over InfiniBand (IB) connection management. iSCSI connections are released incorrectly, which leads to resource leaks. The vulnerability is present in the Linux kernel stable tree, specifically in versions 6.5.0-rc1 and prior. The problem manifests when a device is removed: kernel protection domain, completion queue, and queue pair objects are leaked because they are not properly freed. The issue was introduced by a commit intended to fix a connection release problem; that commit inadvertently created this bug, which has been reported by a user.

Impact

The vulnerability causes a resource leak, where kernel objects related to the InfiniBand iSCSI transport are not properly released, potentially leading to increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by loading the IB/iSCSI target module and then removing the device while the module is still in use. This can be done using the 'modprobe' command to load the module and then 'pci_device_remove' to simulate the removal of the device. The 'ib_cq_pool_cleanup' function will generate a warning, indicating that the completion queue object allocated by the IB core is not freed, along with similar messages for the other leaked resources.
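
A check for the leak warnings described above, as an added example (not code from the kernel project or from this advisory). It assumes leak messages of the form "restrack: Kernel CQ object allocated by ib_core is not freed", modelled on the wording quoted above; the sample log, its module names and its offsets are constructed.

```python
import re
import sys
from collections import Counter

# Assumed line shape, modelled on the warning wording described above:
#   "restrack: Kernel CQ object allocated by ib_core is not freed"
LEAK_RE = re.compile(
    r"restrack:\s+(?P<scope>Kernel|User)\s+(?P<type>\S+)\s+object allocated by\s+"
    r"(?P<owner>\S+)\s+is not freed"
)
# Any WARN header or backtrace frame that names the cleanup function.
WARN_RE = re.compile(r"\bib_cq_pool_cleanup\b")

# Constructed sample kernel log (not captured from a real system).
SAMPLE_LOG = """\
[  812.101] iSCSI target module loaded
[  940.551] WARNING: CPU: 3 PID: 4412 at ib_cq_pool_cleanup+0x0/0x0 [ib_core]
[  940.552] Call Trace:
[  940.553]  pci_device_remove+0x0/0x0
[  940.560] restrack: Kernel PD object allocated by ib_isert is not freed
[  940.561] restrack: Kernel CQ object allocated by ib_core is not freed
[  940.562] restrack: Kernel QP object allocated by rdma_cm is not freed
[  940.563] restrack: Kernel QP object allocated by rdma_cm is not freed
"""


def summarize_leaks(log_text):
    """Return (warn_seen, Counter keyed by (scope, object type, owner module))."""
    leaks = Counter()
    warn_seen = False
    for line in log_text.splitlines():
        if WARN_RE.search(line):
            warn_seen = True
        m = LEAK_RE.search(line)
        if m:
            leaks[(m["scope"], m["type"], m["owner"])] += 1
    return warn_seen, leaks


def report(log_text):
    """Build one summary line per leaked object kind, sorted for stable output."""
    warn_seen, leaks = summarize_leaks(log_text)
    lines = [f"ib_cq_pool_cleanup warning seen: {warn_seen}"]
    for (scope, rtype, owner), count in sorted(leaks.items()):
        lines.append(f"{count} x {scope} {rtype} not freed (owner {owner})")
    return lines


if __name__ == "__main__":
    # Read a kernel log from stdin when piped; otherwise use the sample.
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(report(text)))
```

Pipe the kernel log into the script on stdin (for example the output of dmesg) after a device removal; any line beyond the first in the report means objects were left allocated.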

Remediation

Users can apply the latest patches available in the Linux kernel stable Git repository to address this vulnerability.

Added: Dec 30, 2025, 3:35 PM
Updated: Dec 30, 2025, 3:35 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.