Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's BPF (Berkeley Packet Filter) implementation, specifically in the allocation path of per-CPU hashmaps. The pointer to the allocated per-CPU object is stored inside the hashmap element at an offset that is not pointer-aligned. Because kmemleak scans memory one aligned, pointer-sized word at a time, it overlooks the stored pointer, treats the object as unreferenced and reports it as a leak; the result is a kmemleak warning for an object that is in fact still referenced. The issue can be reproduced by enabling kmemleak debugging, modifying a BPF self-test so that a hashmap stays alive long enough for leak detection, and running the test, which triggers the kmemleak report.
Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly referenced or freed, potentially causing increased memory usage and degradation of system performance over time.
To reproduce this issue, first enable the CONFIG_DEBUG_KMEMLEAK option in the Linux kernel. Then, in the BPF self-test program 'for_each.c', add a getchar() call in the 'test_hash_map' function before the BPF hashmap is destroyed, so that the hashmap stays allocated while kmemleak scans. After saving the change, run the BPF self-test program with the modified hashmap test. kmemleak should then report the memory as unreferenced, confirming the presence of the issue.
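To show why the scanner misses the pointer, here is an added C model (example code, not kernel code and not part of the advisory) of a word-aligned, kmemleak-style scan over a per-CPU hashmap element: the per-CPU pointer is written key_size bytes into the element, as the text describes, and the contrasting "fixed" layout assumes the slot is rounded up to pointer alignment. The function names and the 64-byte element buffer are this example's own constructions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Toy model of kmemleak's scanner: like the kernel's scan_block(), walk the
 * region one pointer-sized, pointer-aligned word at a time and look for the
 * address of the tracked allocation. A pointer written at an unaligned offset
 * straddles two words and is never matched. */
static bool scan_finds_pointer(const unsigned char *region, size_t len, uintptr_t target)
{
    for (size_t off = 0; off + sizeof(uintptr_t) <= len; off += sizeof(uintptr_t)) {
        uintptr_t word;
        memcpy(&word, region + off, sizeof(word));
        if (word == target)
            return true;
    }
    return false;
}

/* One per-CPU hashmap element (constructed): key bytes, then the pointer to the
 * per-CPU value area stored at value_off. The element itself is pointer-aligned,
 * as a slab object would be. */
static bool element_pointer_visible(size_t value_off)
{
    _Alignas(uintptr_t) unsigned char elem[64];
    int fake_percpu_area;                 /* stands in for the alloc_percpu() result */
    uintptr_t pptr = (uintptr_t)&fake_percpu_area;

    if (value_off + sizeof(pptr) > sizeof(elem))
        return false;                     /* would not fit in this toy element */
    memset(elem, 0xAA, sizeof(elem));     /* arbitrary key bytes */
    memcpy(elem + value_off, &pptr, sizeof(pptr));
    return scan_finds_pointer(elem, sizeof(elem), pptr);
}

/* Unfixed layout: the pointer sits directly after key_size bytes. */
bool unaligned_layout_visible(size_t key_size)
{
    return element_pointer_visible(key_size);
}

/* Fixed layout (assumed): round the slot up to pointer alignment first. */
bool aligned_layout_visible(size_t key_size)
{
    size_t a = sizeof(uintptr_t);
    return element_pointer_visible((key_size + a - 1) & ~(a - 1));
}
```

With a 4-byte key, unaligned_layout_visible(4) returns false (the scan misses the pointer, which is the false leak report), while aligned_layout_visible(4) returns true; with an 8-byte key both layouts coincide and the pointer is seen.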