Linux Kernel EFI Boot Services Memory Management Vulnerability Causes RAM Leak on EC2 Instances

A vulnerability in the Linux kernel's handling of EFI boot services memory can lead to a significant RAM leak, particularly on EC2 t3a.nano instances. The issue arises because the function efi_free_boot_services() is called before the memory map is fully initialized, causing approximately 140MB of RAM to remain unreleased. This problem is exacerbated by the fact that the freed memory may reside in uninitialized areas of the memory map, where it won't be properly reclaimed. The vulnerability is present in the Linux kernel's stable releases, specifically in the x86 architecture with EFI support.

Impact

The vulnerability causes a memory leak of about 140MB on affected EC2 t3a.nano instances, which only have 512MB of RAM available.

Reproduction

The vulnerability can be reproduced by running a Linux kernel version that includes this vulnerability on an EC2 t3a.nano instance. The issue will manifest as an unexplained increase in memory usage, approximately 140MB, which will not be released back to the system.

Remediation

Users can upgrade to a patched version of the Linux kernel where this vulnerability has been addressed. The specific commit that fixes this issue is available in the Linux kernel stable repository.