Linux Kernel KVM Vector Context Allocation Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's KVM module for the RISC-V architecture. When allocating vector context for a virtual CPU, if the second memory allocation fails, the first allocated context is not freed, leading to a memory leak. This issue affects the stable version of the Linux kernel.

Impact

The vulnerability causes a memory leak, which can lead to increased memory usage and potential exhaustion of system resources over time.

Reproduction

The vulnerability can be reproduced by simulating a failure in the second memory allocation for the host vector context while allocating vector context for a RISC-V virtual CPU in KVM. This can be done by modifying the KVM vector context allocation function to induce a failure, which will cause the first allocation for the guest vector context to be leaked.
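
The failure path described under Vulnerability and Reproduction, modelled in userspace as an added example (not code from this advisory or from the kernel). `model_zalloc`, `vcpu_model` and `alloc_vector_ctx` are hypothetical names, and the allocator is a fault-injecting stand-in that is forced to fail on its second call.

```c
/* Userspace model of the leak; every name is hypothetical, not a kernel symbol. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

static int live_allocs, call_count, fail_on_call; /* fail_on_call: 1-based, 0 = never */
/* Fault-injecting stand-in for a zeroing kernel allocator. */
static void *model_zalloc(size_t size)
{
    void *p = (++call_count == fail_on_call) ? NULL : calloc(1, size);
    if (p) live_allocs++;
    return p;
}
static void model_free(void *p) { if (p) { live_allocs--; free(p); } }

struct vcpu_model { void *guest_vec, *host_vec; };
/* Two-step allocation; `unwind` selects the corrected error path. */
static int alloc_vector_ctx(struct vcpu_model *v, size_t vsize, int unwind)
{
    v->guest_vec = model_zalloc(vsize);
    if (!v->guest_vec)
        return -ENOMEM;
    v->host_vec = model_zalloc(vsize);
    if (!v->host_vec) {
        if (unwind) {            /* fixed: release the first buffer */
            model_free(v->guest_vec);
            v->guest_vec = NULL;
        }                        /* leaky: guest_vec stays allocated */
        return -ENOMEM;
    }
    return 0;
}

/* Force the 2nd allocation to fail; return how many buffers remain live. */
static int leaked_after_second_failure(int unwind)
{
    struct vcpu_model v = {0};
    live_allocs = call_count = 0; fail_on_call = 2;
    int rc = alloc_vector_ctx(&v, 4096, unwind);
    int leaked = (rc == -ENOMEM) ? live_allocs : -1;
    model_free(v.guest_vec);     /* tidy up the demo itself */
    return leaked;
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", leaked_after_second_failure(0), leaked_after_second_failure(1));
    return 0;
}
```

Each failed call in the leaky variant strands one buffer, so the count grows with the number of failures, which matches the gradual resource exhaustion described under Impact.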

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: May 28, 2026, 12:32 PM
Updated: May 28, 2026, 12:32 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 9.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.