Linux Kernel Ext4 iloc.bh Memory Leak Vulnerability in Fast Commit Replay Function

A memory leak vulnerability has been identified in the Linux kernel's Ext4 file system, specifically within the fast commit replay functionality. The issue arises in the 'ext4_fc_replay_inode()' function, which fails to properly release a reference to the inode buffer header (iloc.bh) under certain error conditions. This oversight can lead to a resource leak, as the unfreed buffer references accumulate and potentially exhaust system memory.

Impact

The vulnerability causes a memory leak by failing to release buffer references, which can accumulate and deplete system memory resources.

Reproduction

The vulnerability can be reproduced by invoking the 'ext4_fc_replay_inode()' function in a scenario where one of the following operations fails: 'ext4_handle_dirty_metadata()', 'sync_dirty_buffer()', 'ext4_mark_inode_used()', or 'ext4_iget()'. These failures cause the function to jump to the 'out' label without releasing the 'iloc.bh' reference, leading to the memory leak.

Remediation

The vulnerability has been addressed by modifying the 'ext4_fc_replay_inode()' function to ensure that the 'iloc.bh' reference is always released, regardless of how the function exits. This fix is included in the latest version of the Linux kernel.