Linux Kernel Memory Leak Vulnerability in net/mlx5 Component

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's net/mlx5 component, specifically within the hardware steering (HWS) memory management. The issue arises in the error handling path of the 'hws_pool_buddy_init()' function, where the buddy allocator cleanup process fails to free the allocator structure itself. This oversight leads to a memory leak, as the allocated memory is not properly released. The vulnerability affects several versions of the Linux kernel.

Impact

Triggering this vulnerability leaks memory: the allocated structure is never released, which can increase memory usage and degrade system performance over time.

Reproduction

The vulnerability can be reproduced by triggering an error in the 'hws_pool_buddy_init()' function within the net/mlx5 component. This can be done by creating a hardware steering pool that exceeds available resources, causing the initialization function to fail. The error handling path will then activate, leading to the memory leak as the allocator structure is not freed.
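The error path described above, modeled in user-space C as an added example (it is not the kernel's or the mlx5 driver's code). The names `buddy_cleanup`, `pool_buddy_init`, `t_alloc`, `t_free` and `leaked_after`, the allocation tracker and the forced failure are all hypothetical and constructed for the demonstration; `fixed` switches between the leaking error path and one that also frees the allocator structure.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model of the bug class; every name is hypothetical, not mlx5's. */
#define SLOTS 32
static void *live[SLOTS];                 /* outstanding allocations */

static void *t_alloc(size_t sz) {
    void *p = calloc(1, sz);
    for (int i = 0; p && i < SLOTS; i++)
        if (!live[i]) { live[i] = p; break; }
    return p;
}

static void t_free(void *p) {
    for (int i = 0; p && i < SLOTS; i++)
        if (live[i] == p) live[i] = NULL;
    free(p);
}

struct buddy { unsigned long *bitmap; };  /* bitmap: state the allocator owns */
/* Frees what the allocator owns, but not the struct itself. */
static void buddy_cleanup(struct buddy *b) { t_free(b->bitmap); b->bitmap = NULL; }

/* Init that fails after the buddy exists; fixed=1 adds the missing free. */
static int pool_buddy_init(int fixed) {
    struct buddy *b = t_alloc(sizeof(*b));
    if (!b)
        return -1;
    b->bitmap = t_alloc(8 * sizeof(*b->bitmap));
    buddy_cleanup(b);                     /* constructed failure: error path runs */
    if (fixed)
        t_free(b);                        /* release the allocator struct too */
    return -1;
}

/* Runs n failing inits, counts objects left allocated, then reclaims them. */
static int leaked_after(int n, int fixed) {
    int leaked = 0;
    for (int i = 0; i < n; i++)
        pool_buddy_init(fixed);
    for (int i = 0; i < SLOTS; i++)
        if (live[i]) { leaked++; free(live[i]); live[i] = NULL; }
    return leaked;
}

int main(void) {
    printf("buggy: %d leaked, fixed: %d leaked\n", leaked_after(10, 0), leaked_after(10, 1));
    return 0;
}
```

Each failed initialization on the unfixed path leaves exactly one allocator structure behind, so the loss grows with the number of failures.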

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. The patch can be downloaded from the Linux kernel Git repository.

Added: Sep 16, 2025, 3:00 PM
Updated: Sep 16, 2025, 3:00 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.