Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak has been identified in the Linux kernel's BPF (Berkeley Packet Filter) implementation, specifically in the reuseport functionality. The issue arises when the sockmap lookup returns a TCP socket in the ESTABLISHED state that may have had the SO_ATTACH_REUSEPORT_EBPF option set earlier. In that case a non-refcounted socket can be managed improperly, and memory is leaked. The leaked allocation persists as an unreferenced object, as shown by the kernel's memory-management and backtrace logs.
Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.
The vulnerability can be reproduced by attaching a BPF program to a TCP socket using the SO_ATTACH_REUSEPORT_EBPF option, and then allowing the socket to transition to the ESTABLISHED state. Once the socket is established, the BPF program's attachment can result in a memory leak, as the socket's reference is not properly managed.