Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A refcount leak vulnerability has been identified in the Linux kernel's SMB server component, specifically within the function that parses durable handle contexts for the SMB2 protocol. The vulnerability arises when a replay operation is being processed and the function returns an -ENOEXEC error. On that error path, the reference held on the ksmbd_file is not released, so the reference count stays elevated and the object is leaked.
Exploitation of this vulnerability causes a refcount leak, which can lead to memory not being freed properly, potentially causing a denial-of-service condition by exhausting available memory resources.
The vulnerability can be reproduced by sending an SMB2 request that includes a durable handle context with the replay operation flag set. When the server processes this request and encounters a condition that triggers the -ENOEXEC error, the vulnerability manifests as the reference count for the associated ksmbd_file not being decremented, causing a memory leak.
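The error-path pattern described above, as an added example: this is a simplified userspace model, not the kernel's ksmbd code. The names `file_obj`, `obj_get`, `obj_put`, `parse_ctx_leaky`, `parse_ctx_fixed` and the `reject` flag (standing in for whatever condition produces -ENOEXEC) are hypothetical.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified stand-in for a refcounted object such as ksmbd_file (hypothetical model). */
struct file_obj { int refcount; };

/* A lookup hands the caller one extra reference; the caller must drop it again. */
static struct file_obj *obj_get(struct file_obj *f) { f->refcount++; return f; }
static void obj_put(struct file_obj *f) { f->refcount--; }

/* Before: the -ENOEXEC exit returns while still holding the lookup reference. */
int parse_ctx_leaky(struct file_obj *entry, int reject, struct file_obj **out)
{
    struct file_obj *fp = obj_get(entry);
    if (reject)
        return -ENOEXEC;        /* leak: no obj_put(fp) on this path */
    *out = fp;                  /* success: reference is handed to the caller */
    return 0;
}

/* After: every error exit goes through one label that drops the reference. */
int parse_ctx_fixed(struct file_obj *entry, int reject, struct file_obj **out)
{
    struct file_obj *fp = obj_get(entry);
    int err;
    if (reject) {
        err = -ENOEXEC;
        goto out_put;
    }
    *out = fp;
    return 0;
out_put:
    obj_put(fp);
    return err;
}

/* Send n rejected requests at one object and report its final refcount. */
int refs_after(int (*parse)(struct file_obj *, int, struct file_obj **), int n)
{
    struct file_obj f = { .refcount = 1 };   /* 1 = reference held by the table */
    struct file_obj *out = NULL;
    for (int i = 0; i < n; i++)
        parse(&f, 1, &out);
    return f.refcount;
}

int main(void)
{
    printf("leaky: %d  fixed: %d\n",
           refs_after(parse_ctx_leaky, 1000), refs_after(parse_ctx_fixed, 1000));
    return 0;
}
```

In the leaky variant the count grows by one per rejected request and never returns to the baseline, which is why the object can never be freed.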
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the updated kernel can be found on the official Linux kernel website.