Linux Kernel RDS MR Cleanup Vulnerability in RDMA Mapping Function

A vulnerability has been identified in the Linux kernel's Reliable Datagram Sockets (RDS) implementation, specifically within the RDMA mapping function. This issue arises because the function transfers ownership of scatter-gather (SG) pages to the transport layer after successfully obtaining a memory region (MR). If an error occurs while copying the generated cookie back to user space, the function fails to properly clean up the resources before releasing the MR reference. As a result, the error handling path can lead to a resource leak. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can cause a resource leak by failing to properly clean up after an error, which could lead to increased memory usage or other resource exhaustion issues.

Reproduction

The vulnerability can be reproduced by invoking the RDS RDMA mapping function in a scenario where the cookie copying process fails after the MR has been established. This will trigger the error handling path, which improperly manages the cleanup of resources, leaving them allocated and potentially causing a leak.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.