Linux Kernel Ceph File System Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's Ceph file system component. The issue arises in the 'ceph_mds_auth_match()' function, where temporary allocations for target path substrings were not properly freed in all execution branches. This oversight led to a memory leak that could cause the system to crash, particularly under heavy file access. The vulnerability was observed in production environments, where it caused continuous memory consumption, eventually triggering a kernel out-of-memory condition that locked up the system.

Impact

Exploitation of this vulnerability leads to a memory leak that can cause the system to run out of memory, hard-locking the kernel.

Reproduction

The vulnerability can be reproduced by mounting a subdirectory of a Ceph file system and accessing files within that subdirectory using an authentication token with path-scoped capabilities. This process involves retrieving the authentication token, mounting the Ceph file system, and then performing a high-volume file access operation that triggers the memory leak.