Linux Kernel efivarfs Memory Leak Vulnerability in fs_context Error Paths

A memory leak vulnerability has been identified in the efivarfs file system of the Linux kernel. This issue arises during the processing of mount options, where the efivarfs file system information (sfi) is allocated early in the file system context (fs_context) initialization. The sfi is meant to be associated with the superblock and typically gets freed when the superblock is destroyed. However, if the fs_context is released before the superblock is fully initialized—such as during error handling or reconfiguration—the sfi structure remains allocated, leading to a memory leak. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated resources are not properly released, potentially causing increased memory usage and degradation of system performance over time.

Remediation

The vulnerability has been addressed in the Linux kernel by implementing a .free callback in the efivarfs context operations. This change ensures that any allocated efivarfs file system information is properly freed if the file system context is torn down before the superblock is fully initialized. Users can apply the latest patches available in the Linux kernel stable tree to remediate this vulnerability.