Linux Kernel CIFS SMB Direct Connection Information Leak Vulnerability

Vulnerability

A vulnerability in the Linux kernel's CIFS (Common Internet File System) implementation has been addressed. When memory registration (MR) allocation failed, the SMB Direct connection information had not yet been set on the server and was still NULL. As a result, 'smbd_destroy()' returned immediately without cleaning anything up, and the connection information was leaked. The fix sets the SMB Direct connection information on the server before calling 'smbd_destroy()'.

Impact

The vulnerability could lead to a memory leak of SMB direct connection information, potentially causing resource exhaustion or other unintended side effects.

Reproduction

The vulnerability can be reproduced by simulating a failure in the memory registration allocation process when using SMB direct connections in CIFS. This can be done by modifying the CIFS client to introduce a failure during the MR allocation, which will result in a null connection info. When 'smbd_destroy()' is called in this scenario, the connection information will be leaked instead of being properly cleaned up.
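The failure path and the fix described above can be followed in a small user-space model. This is an added example, not kernel code or the actual patch: `model_conn`, `model_server`, `model_connect()`, `model_destroy()` and the `fail_mr`/`fixed` switches are hypothetical stand-ins, and a counter takes the place of a kernel leak detector.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical user-space stand-ins, not the kernel's own structures. */
struct model_conn { char state[64]; /* placeholder payload */ };
struct model_server { struct model_conn *conn; };
static int live_conns; /* connection objects allocated but not yet freed */

/* Like the destroy path the advisory describes: nothing attached, nothing freed. */
static void model_destroy(struct model_server *srv)
{
    if (!srv->conn)
        return;
    free(srv->conn);
    srv->conn = NULL;
    live_conns--;
}

/* fail_mr simulates the MR allocation failure; fixed selects the patched order. */
static int model_connect(struct model_server *srv, int fail_mr, int fixed)
{
    struct model_conn *info = calloc(1, sizeof(*info));
    if (!info)
        return -1;
    live_conns++;
    if (fail_mr) {
        if (fixed)
            srv->conn = info; /* attach first so destroy can see it */
        model_destroy(srv);   /* unfixed: srv->conn is NULL, info is lost */
        return -1;
    }
    srv->conn = info;
    return 0;
}

/* Objects still allocated after `attempts` failed connection setups. */
static int leaked_after(int attempts, int fixed)
{
    struct model_server srv = { NULL };
    live_conns = 0;
    for (int i = 0; i < attempts; i++)
        model_connect(&srv, 1, fixed);
    return live_conns;
}

int main(void)
{
    printf("before fix: %d leaked, after fix: %d leaked\n", leaked_after(100, 0), leaked_after(100, 1));
    return 0;
}
```

In the model, every failed setup with the unpatched ordering strands one object, which is why repeated failures translate into steady memory growth.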

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version can be found in the Linux kernel official documentation.

Added: Dec 30, 2025, 2:55 PM
Updated: Dec 30, 2025, 2:55 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.0
exploitability: 5.7
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.