Linux Kernel CCA Card Memory Leak Vulnerability in s390/zcrypt

A memory leak vulnerability has been identified in the Linux kernel's s390/zcrypt component, specifically when CCA cards are used as accelerators for clear key RSA requests. This issue arises because, after a recent change in memory allocation, the new allocation was not properly managed, leaving the older allocation in place and causing a leak. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly freed, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by using CCA cards as accelerators for clear key RSA requests in the s390/zcrypt component of the Linux kernel. This will trigger the memory leak as the older memory allocation is not freed, while the new allocation, which is properly managed, is in place.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the Linux kernel can be found in the official Linux kernel documentation.