Linux Kernel Reference Count Leak Vulnerability in RxRPC Server Keyring

Vulnerability

A reference count leak has been identified in the Linux kernel's RxRPC implementation, in the 'rxrpc_server_keyring()' function, and it affects the stable branch of the kernel. The function takes a reference to a key but does not release it on one of its exit paths, so the reference leaks. The problem is tied to the 'rx->securities' field: when that field is not checked correctly, the reference count is mishandled, which can potentially allow unauthorized access to or modification of kernel resources.

Impact

A leaked reference keeps the kernel object it pins alive indefinitely, causing resource-management problems and potentially allowing unauthorized access to or modification of resources in the kernel.

Reproduction

The leak is reproduced by calling 'rxrpc_server_keyring()' on an RxRPC socket whose 'securities' field is already set: the function returns an error without dropping the reference it took, so that reference leaks.
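The pattern described above, shown as an added user-space model that is not the kernel's code: a 'before' function that returns an error without releasing the reference it acquired, beside a 'fixed' variant that drops it on that path. The kernel's struct key, request_key()/key_put() and the rxrpc_sock 'securities' slot are replaced by small stand-ins ('model_key', 'model_request_key', 'model_key_put', 'model_sock'); all names and the serial value are constructed for the example.

```c
/* Added example (not the kernel's code): a user-space model of the
 * reference-count leak pattern from the advisory. */
#include <stdio.h>
#include <errno.h>

/* Stand-in for a kernel refcounted key object. */
struct model_key {
    int serial;
    int refcount;   /* number of holders; object would be freed at 0 */
};

/* Stand-in for the socket's server keyring slot (rx->securities). */
struct model_sock {
    struct model_key *securities;
};

/* One keyring in a constructed "key database"; request_key() hands out a ref. */
static struct model_key keyring_db = { .serial = 0x1234, .refcount = 1 };

static struct model_key *model_request_key(void)
{
    keyring_db.refcount++;   /* the caller now owns one reference */
    return &keyring_db;
}

static void model_key_put(struct model_key *k)
{
    if (k)
        k->refcount--;
}

/* "Before": the error path returns without dropping the reference it took. */
static int server_keyring_leaky(struct model_sock *rx)
{
    struct model_key *key = model_request_key();

    if (rx->securities)
        return -EEXIST;   /* BUG: key's reference is never released */

    rx->securities = key;
    return 0;
}

/* "After": every exit that does not hand the reference to rx->securities
 * releases it first. */
static int server_keyring_fixed(struct model_sock *rx)
{
    struct model_key *key = model_request_key();

    if (rx->securities) {
        model_key_put(key);   /* release what request_key() gave us */
        return -EEXIST;
    }

    rx->securities = key;
    return 0;
}

/* Check helper: call fn twice on a fresh socket (first call stores the key,
 * second call hits the -EEXIST path) and return the remaining refcount.
 * A correct implementation leaves 2: the database's own ref plus the socket's. */
static int refcount_after_double_call(int (*fn)(struct model_sock *))
{
    struct model_sock rx = { .securities = NULL };

    keyring_db.refcount = 1;
    fn(&rx);
    fn(&rx);
    return keyring_db.refcount;
}

int main(void)
{
    printf("leaky variant leaves refcount %d (expected 2)\n",
           refcount_after_double_call(server_keyring_leaky));
    printf("fixed variant leaves refcount %d (expected 2)\n",
           refcount_after_double_call(server_keyring_fixed));
    return 0;
}
```

The refcount left behind after the second (failing) call is the observable difference: the leaky variant has one extra holder that nothing will ever release, while the fixed variant returns the count to where it would be if the error path had never been taken.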

Remediation

Upgrade to a Linux kernel release that contains the fix for this issue. Instructions for upgrading can be found in the official Linux kernel documentation.

Added: Apr 24, 2026, 4:54 PM
Updated: Apr 24, 2026, 4:54 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 6.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.