Linux Kernel BPF Per-CPU Hash Map Memory Management Vulnerability

A vulnerability in the Linux kernel's handling of BPF (Berkeley Packet Filter) LRU (Least Recently Used) and per-CPU hash maps can lead to improper memory management. Specifically, the issue arises because these maps support BPF_KPTR_{REF,PERCPU} references, but the necessary memory cleanup calls were missing. This oversight could cause the memory linked to these BPF pointer fields to remain allocated until the map is eventually freed, potentially leading to memory leaks. The vulnerability has been addressed by ensuring that the 'bpf_obj_free_fields()' function is called after copying map values, thereby properly releasing the referenced memory.

Impact

Exploitation of this vulnerability could result in memory leaks, where allocated memory is not properly freed, potentially leading to increased memory usage and degradation of system performance over time.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.