Linux Kernel SUNRPC GSS Authentication Reference Leak Vulnerability

A reference leak vulnerability has been identified in the Linux kernel's SUNRPC module, specifically within the GSS authentication handling. The issue arises in the 'gss_alloc_msg' function, where a reference count is incremented but not properly decremented in the event of an error. This oversight prevents the 'gss_auth' structure from being freed, leading to a memory leak. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability causes a memory leak by failing to release references to the GSS authentication structure, which can lead to increased memory usage and potential exhaustion of system resources.

Reproduction

The vulnerability can be reproduced by invoking the 'gss_alloc_msg' function with a non-NULL 'service_name' parameter, while causing the 'kstrdup_const()' function to fail. This will trigger the error handling path that fails to release the 'gss_auth' reference, creating a leak.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version.