Linux Kernel ACPICA Cache Leak Vulnerability

Vulnerability

A cache leak vulnerability in the ACPICA component of the Linux kernel has been identified and resolved. This issue occurs during ACPI early abort cases, where the 'Acpi-Parse' and 'Acpi-Parse-Ext' caches are not properly cleared, leading to a memory leak. The problem arises because these caches were merged due to having the same slab cache size, and the leak was exacerbated by the SLAB_NEVER_MERGE flag, preventing proper cache management. The vulnerability was discovered in Linux kernel version 4.12.0-rc4-next-20170608.

Impact

Exploitation of this vulnerability leads to a memory leak, where cache objects are not properly released, potentially causing increased memory usage and degradation of system performance.

Reproduction

The vulnerability can be reproduced by initiating the ACPI interpreter in a virtual machine environment, such as VirtualBox, with a Linux kernel version that includes the vulnerability. During the boot process, the ACPI interpreter fails to start, and error messages indicate that certain cache handlers could not be removed. This failure triggers a cache leak, as the 'Acpi-Parse' and 'Acpi-Parse-Ext' caches remain populated when they should have been cleared.
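As an added example (not part of the original advisory and not kernel project code), the boot-log symptom described above can be checked for with a short Python script. The two message formats are assumptions based on mainline kernel sources of that era, the function name `triage` is hypothetical, and the sample log is constructed.

```python
import re
import sys

# Cache names taken from the advisory text above.
ACPI_CACHES = ("Acpi-Parse", "Acpi-Parse-Ext")

# Assumption: message formats as printed by mainline kernels of that era
# (kmem_cache_destroy() in mm/slab_common.c, acpi_bus_init() in
# drivers/acpi/bus.c). Later kernels append extra text after "objects".
LEAK_RE = re.compile(r"kmem_cache_destroy ([^\s:]+): Slab cache still has objects")
ABORT_RE = re.compile(r"Unable to start the ACPI Interpreter")


def triage(lines):
    """Return (interpreter_failed, leaked ACPI caches, other leaked caches)."""
    failed = False
    acpi, other = [], []
    for line in lines:
        if ABORT_RE.search(line):
            failed = True
        m = LEAK_RE.search(line)
        if not m:
            continue
        name = m.group(1)
        bucket = acpi if name in ACPI_CACHES else other
        if name not in bucket:  # report each cache once
            bucket.append(name)
    return failed, acpi, other


# Constructed sample boot log (not captured from a real system).
SAMPLE = """\
[    0.174808] ACPI: Unable to start the ACPI Interpreter
[    0.175012] kmem_cache_destroy Acpi-Parse: Slab cache still has objects
[    0.175530] kmem_cache_destroy Acpi-Parse-Ext: Slab cache still has objects
[    0.175531] kmem_cache_destroy Acpi-Parse-Ext: Slab cache still has objects
[    1.002113] usb 1-1: new high-speed USB device number 2 using ehci-pci
""".splitlines()

if __name__ == "__main__":
    # Usage: script.py [saved-dmesg-file]; falls back to the constructed sample.
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    failed, acpi, other = triage(lines)
    if acpi:
        context = "after" if failed else "without a logged"
        print(f"leaked ACPICA caches: {', '.join(acpi)} ({context} interpreter start failure)")
    else:
        print("no Acpi-Parse / Acpi-Parse-Ext leak messages found")
    if other:
        print(f"other caches destroyed with live objects: {', '.join(other)}")
```

Leak messages for unrelated caches are reported separately, so a hit on another subsystem is not mistaken for this issue.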

Added: Jul 10, 2025, 10:45 AM
Updated: Jul 10, 2025, 10:45 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.