Linux Kernel SMB Client Memory Leak Vulnerability in SMB Direct Negotiation

A memory leak vulnerability has been identified in the Linux kernel's SMB client implementation, specifically within the SMB Direct negotiation process. This issue arises when the 'smbdirect_recv_io' function fails, leaving objects unfreed during the error handling phase. As a result, memory is not properly released, leading to a potential resource leak. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability causes a memory leak, with objects remaining allocated and not properly freed, which can lead to increased memory usage and potential exhaustion of available resources.

Reproduction

The vulnerability can be reproduced by triggering an error in the 'smbd_negotiate' function of the SMB Direct client. This can be done by simulating a failure in the negotiation process, which will cause the function to exit without properly releasing allocated memory. The error can be observed as objects remain in the memory cache after the negotiation process is complete.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed.