Linux Kernel Ice Driver Multi-Buffer Frame Rx Page Leak Vulnerability

A vulnerability in the Linux kernel's ice driver can lead to a memory leak of received (Rx) pages when handling multi-buffer frames. This issue arises because the ice_put_rx_mbuf() function, which is responsible for managing Rx buffers, fails to process certain descriptors with a size of zero. These skipped descriptors are not counted as fragments, preventing the corresponding buffers from being properly released or recycled. As a result, stale pages remain in the Rx ring, causing a memory leak. This problem is particularly prevalent with 'jumbo frames' using a 9K MTU.

Impact

The vulnerability causes a memory leak by leaving stale pages in the Rx ring, which are not properly recycled or freed. This can lead to increased memory usage and potential exhaustion of available memory resources.

Reproduction

The vulnerability can be reproduced by configuring the ice driver to handle multi-buffer XDP (eXpress Data Path) support. When the hardware posts Rx descriptors with a size of zero, which can occur with jumbo frames at 9K MTU, the ice_put_rx_mbuf() function will skip these descriptors. This omission prevents the corresponding Rx buffers from being released, creating a memory leak. Monitoring the memory usage while processing multi-buffer XDP frames can demonstrate the leak.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.