Linux Kernel RxRPC Context Leak Vulnerability in RXGK Response Verification

A vulnerability in the Linux kernel's RxRPC implementation has been addressed. The issue involved a memory leak of the RxGK context within the 'rxgk_verify_response' function. This vulnerability could potentially lead to increased memory usage or other unintended consequences by failing to properly clean up the context created during the verification process.

Impact

The vulnerability could cause a memory leak by not releasing the RxGK context, which may lead to increased memory consumption over time.

Reproduction

The vulnerability can be reproduced by invoking the 'rxgk_verify_response' function in the RxRPC context without proper cleanup of the RxGK context. This can be done by simulating a response verification that triggers the memory leak, such as by using a crafted response that bypasses the authentication checks, causing the function to exit prematurely without releasing the allocated context.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is '1bd3d01378c1f9ecd313d394b51c808c1f418615', which is included in the Linux kernel stable tree.