Linux Kernel UDP Memory Leak Vulnerability

A vulnerability in the Linux kernel's UDP implementation has been identified, leading to a memory accounting leak. This issue was reported by Matt Dowling, who observed an unusual spike in UDP memory usage, as reflected in the /proc/net/sockstat file. Under normal conditions, UDP memory usage remains near zero, but it occasionally surged to 524,288 pages and failed to decrease, causing intermittent packet drops. The problem arises when an application sets the receive buffer size to the maximum integer value, triggering an overflow in the memory accounting process. As a result, the reported memory usage doubles when the socket is closed, leading to failed memory allocations and packet loss.

Impact

The vulnerability causes a memory leak in UDP, where the reported memory usage can spike dramatically and fail to decrease, leading to increased memory consumption and intermittent packet drops.

Reproduction

The vulnerability can be reproduced by creating a UDP socket and binding it to a local address. After setting the receive buffer size to the maximum integer value, the socket can be used to send data, which triggers the memory leak. Once the socket is closed, the memory usage remains high and can even double, causing further issues with memory allocation and packet delivery.

Remediation

The vulnerability has been addressed in the Linux kernel by modifying the UDP memory accounting process to prevent the integer overflow. Users should upgrade to the latest stable version of the Linux kernel where this issue has been fixed.