Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's AX25 networking implementation has been addressed. The issue arose from a broken autobind feature for AX25 sockets, which led to memory leaks in the 'ax25_connect' function and reference count leaks in 'ax25_release'. The memory leak was identified by 'kmemleak', which detected unreferenced objects resulting from the faulty autobind feature. When sockets were bound using autobind, reference counts were not properly incremented, causing memory management issues. This vulnerability was discovered by the Linux Verification Center using Syzkaller, a fuzzing tool.
Exploitation of this vulnerability could lead to memory management issues, causing memory leaks and reference count mismanagement in the AX25 socket handling.
The vulnerability can be reproduced by using the AX25 protocol's autobind feature, which is available in the Linux kernel. This can be done by calling the 'connect' function on an AX25 socket without first binding it manually. The 'ax25_connect' function will then use the broken autobind feature, leading to the memory and reference count leaks. This issue can be observed with the 'kmemleak' tool, which will report the unreferenced objects and memory leaks caused by the faulty autobind implementation.
The broken autobind feature has been removed in the latest Linux kernel updates. Users should upgrade to the patched version to address this vulnerability.
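To check a kmemleak report for the leak described above, the following added example (not code from the kernel project or from this advisory) parses the report text and keeps only the unreferenced objects whose allocation backtrace passes through 'ax25_connect'. The sample report is constructed, and the function names `parse_kmemleak` and `leaks_through` are hypothetical.

```python
import re

# Constructed sample in kmemleak's report layout. Addresses, sizes, PIDs and all
# frames other than ax25_connect are invented for illustration.
SAMPLE_REPORT = """\
unreferenced object 0xffff888012345600 (size 32):
  comm "sample", pid 4321, jiffies 4294951234
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000a1b2c3d4>] kmemdup+0x23/0x50
    [<00000000deadbeef>] ax25_connect+0x2f1/0x7a0
    [<0000000011223344>] __sys_connect+0x11a/0x160
unreferenced object 0xffff888023456700 (size 64):
  comm "other", pid 77, jiffies 4294960000
  backtrace:
    [<0000000055667788>] kmalloc_trace+0x26/0x90
    [<0000000099aabbcc>] example_probe+0x40/0x100
"""

HEADER = re.compile(r"^unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
# A frame is "symbol+0xoff/0xlen", optionally preceded by a "[<address>]" column.
FRAME = re.compile(r"^\s+(?:\[<[0-9a-f]+>\]\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_kmemleak(text):
    """Split a kmemleak report into records: address, size, backtrace symbols."""
    records, current, in_backtrace = [], None, False
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"addr": header.group(1), "size": int(header.group(2)), "frames": []}
            records.append(current)
            in_backtrace = False
        elif current is not None and line.strip().startswith("backtrace"):
            in_backtrace = True
        elif current is not None and in_backtrace:
            frame = FRAME.match(line)
            if frame:
                current["frames"].append(frame.group(1))
    return records

def leaks_through(records, symbol="ax25_connect"):
    """Return the leaked objects whose allocation backtrace passes through symbol."""
    return [r for r in records if symbol in r["frames"]]

if __name__ == "__main__":
    for rec in leaks_through(parse_kmemleak(SAMPLE_REPORT)):
        print(rec["addr"], rec["size"], " <- ".join(rec["frames"]))
```

On a kernel built with kmemleak, the report text is read from `/sys/kernel/debug/kmemleak` after writing `scan` to that file; an empty result from `leaks_through` on a patched kernel is the expected outcome.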