Linux Kernel Socket Destructor Restoration Vulnerability in Netlink Handshake Requests

A vulnerability in the Linux kernel's handling of netlink handshake requests can lead to a socket leak. The issue arises because the function 'handshake_req_submit()' replaces the socket's destructor but fails to restore it if the submission encounters an error before the request is processed. As a result, the original destructor does not execute, causing a socket leak. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can cause a resource leak by failing to properly close and clean up socket resources, potentially leading to degraded system performance or exhaustion of available sockets.

Reproduction

To reproduce this vulnerability, submit a netlink handshake request using the 'handshake_req_submit()' function. If the submission fails before the request is hashed, the socket's destructor will not be restored, causing the original destructor to be skipped. This can be verified by checking if the socket resources are properly cleaned up after the request fails.

Remediation

The vulnerability has been addressed in the Linux kernel stable tree. Users can upgrade to the latest version to apply the fix.