Linux Kernel nvmet-fc Component Reference Leak Vulnerability

A vulnerability in the nvmet-fc component of the Linux kernel can lead to a reference leak. This issue arises because, in the current implementation, only one work item is processed at a time, allowing for multiple asynchronous commands to be in flight simultaneously. Each command takes a reference for the target port, but the work item responsible for releasing this reference is not properly managed, causing a leak. The vulnerability has been addressed by moving the work item to the nvmet_fc_ls_req_op structure, which already tracks all related resources, ensuring that references are correctly released.

Impact

The vulnerability can cause a reference leak, where references to target ports are not properly released, potentially leading to increased memory usage or resource exhaustion over time.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.