Linux Kernel KSMBD Session Lookup Reference Count Leak Vulnerability

A reference count leak vulnerability has been identified in the Linux kernel's KSMBD (Kernel SMB Daemon) component. This issue arises during session lookups when a session is found but its state is not valid. The invalid state indicates that no valid session exists, yet the reference count from the session lookup is not properly decremented, leading to a leak. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability causes a reference count leak, which can lead to memory management issues, such as increased memory usage or potential memory corruption.

Reproduction

To reproduce this vulnerability, initiate a session lookup in KSMBD where the session state is not SMB2_SESSION_VALID. The reference count will not be decremented properly, causing a leak.

Remediation

The vulnerability has been addressed in the Linux kernel stable tree by explicitly calling 'ksmbd_user_session_put' to release the reference to the session, thereby fixing the reference count leak.