Linux Kernel Btrfs Memory Leak Vulnerability in io_uring Read Handling

A memory management vulnerability has been identified in the Linux kernel's Btrfs file system, specifically within the 'io_uring' read operations. The issue arises because the 'pages' allocation is not properly freed in the 'btrfs_uring_read_extent()' function. This oversight can lead to memory leaks, as the function relies on a deferred cleanup process that may not execute as expected. The vulnerability occurs in the stable versions of the Linux kernel that include the affected Btrfs 'io_uring' read functionality.

Impact

The vulnerability can cause memory leaks by failing to free allocated page objects in error scenarios during 'io_uring' read operations, potentially leading to increased memory usage and degradation of system performance over time.

Reproduction

To reproduce this vulnerability, initiate an 'io_uring' read operation on a Btrfs file system. The vulnerability can be triggered by simulating an error condition that prevents the 'pages' allocation from being processed as intended, such as not receiving the expected 'EIOCBQUEUED' response from the 'btrfs_encoded_read_regular_fill_pages()' function'. This will cause the 'btrfs_uring_read_extent()' function to skip the necessary cleanup for the 'pages' allocation, leading to a memory leak.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest stable version that includes the fix.