Linux Kernel Rxrpc Key Reference Count Leak Vulnerability

A key reference count leak vulnerability has been identified in the Linux kernel's Rxrpc implementation. When a client call is created, a reference to the key is obtained but not properly released, leading to a memory leak when the call is destroyed. This issue has been addressed by modifying the call destruction process to include the necessary cleanup of the key reference. The vulnerability was present in the Linux kernel stable tree.

Impact

The vulnerability could lead to a memory leak by not properly releasing key references, potentially causing increased memory usage over time.

Reproduction

The vulnerability can be reproduced by creating a client call in the Rxrpc layer, which will automatically increment the key reference count. After the call is destroyed, the reference count remains elevated, indicating that the key reference was not properly released. This can be verified by checking the key reference count in the /proc/keys file before and after the call is destroyed.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been fixed.