Linux Kernel TCP-AO Socket Memory Leak Vulnerability in IPv6 Handling

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's TCP-AO implementation for IPv6. When the function 'tcp_ao_copy_all_matching()' fails during the processing of SYN packets, the error handling is inadequate, leading to unreferenced objects and memory leaks. This issue arises because the necessary cleanup functions are not called, causing allocated memory to remain unfreed. The vulnerability affects the Linux kernel's stable releases.
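The error-path pattern described above, as an added user-space model in C (not code from the kernel or from this advisory). All types and function names here are hypothetical stand-ins that only mirror the shape of the flow: a child socket is allocated, the key-copy step fails, and the handler returns either with or without releasing the child.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model: hypothetical stand-ins, not the kernel's TCP-AO code. */
struct ao_key { struct ao_key *next; };
struct child_sock { struct ao_key *keys; };
static long live_allocs; /* objects allocated and not yet freed */
static void *model_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void model_free(void *p) { if (p) { live_allocs--; free(p); } }

static void free_keys(struct child_sock *sk)
{
    while (sk->keys) {
        struct ao_key *next = sk->keys->next;
        model_free(sk->keys);
        sk->keys = next;
    }
}

/* Key-copy step: fails at index fail_at (negative = never); undoes only its own work. */
static int copy_all_matching(struct child_sock *sk, int nkeys, int fail_at)
{
    for (int i = 0; i < nkeys; i++) {
        struct ao_key *k = (i == fail_at) ? NULL : model_alloc(sizeof(*k));
        if (!k) { free_keys(sk); return -1; }
        k->next = sk->keys;
        sk->keys = k;
    }
    return 0;
}

/* SYN handler model: release_on_error = 0 is the leaky path, 1 the fixed one. */
static struct child_sock *syn_recv_sock(int nkeys, int fail_at, int release_on_error)
{
    struct child_sock *newsk = model_alloc(sizeof(*newsk));
    if (newsk && copy_all_matching(newsk, nkeys, fail_at) < 0) {
        if (release_on_error) model_free(newsk); /* keys are already undone */
        return NULL; /* without the release, newsk is unreferenced from here */
    }
    return newsk;
}

/* Run failing handshakes; return how many objects remain allocated afterwards. */
static long leaked_after(int attempts, int release_on_error)
{
    long before = live_allocs;
    for (int i = 0; i < attempts; i++) syn_recv_sock(3, 1, release_on_error);
    return live_allocs - before;
}
int main(void) { printf("leaky=%ld fixed=%ld\n", leaked_after(1000, 0), leaked_after(1000, 1)); return 0; }
```

In the model, every failed attempt on the leaky path leaves one child object allocated with no remaining reference, which is the growth pattern the Impact section describes.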

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by triggering a failure in the 'tcp_ao_copy_all_matching()' function while processing TCP-AO information in the 'tcp_v6_syn_recv_sock()' function. This can be done by sending SYN packets that cause the 'tcp_ao_copy_all_matching()' function to fail, such as by using specific TCP options that trigger the failure condition. The failure will result in a memory leak, as the function exits without properly releasing the allocated memory.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.

Added: Sep 19, 2025, 4:49 PM
Updated: Sep 19, 2025, 4:49 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.