Linux Kernel Memory Leak Vulnerability in ATM CLIP Subsystem

A memory leak vulnerability has been identified in the Linux kernel's ATM CLIP (Classical IP and ARP over ATM) implementation. The issue arises in the 'clip_ioctl' function, specifically when handling the 'ATMARPD_CTRL' command. The 'atm_init_atmarp' function is called without proper synchronization, leading to a situation where the 'vcc->push' pointer is incorrectly set. This mismanagement prevents the proper cleanup of allocated resources, causing a memory leak. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by sending two consecutive 'ioctl' commands to a socket with the 'ATMARPD_CTRL' and 'ATMARP_MKIP' commands. The 'atm_init_atmarp' function will be called without proper synchronization, leading to the memory leak.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux kernel documentation.