Linux Kernel batman-adv Backbone Reference Leak Vulnerability

A vulnerability in the Linux kernel's batman-adv module has been addressed. The issue involved a memory leak of backbone gateway references when the function batadv_bla_add_claim() failed to insert a claim into the hash. The error handling path was missing a call to release the leaked reference, which could lead to unnecessary memory consumption.

Impact

The vulnerability could cause a memory leak by failing to release references to backbone gateway objects, potentially leading to increased memory usage over time.

Reproduction

The vulnerability can be reproduced by invoking the batadv_bla_add_claim() function in a scenario where it fails to insert a claim into the hash. This failure will result in a leaked reference to the intended backbone gateway, as the error path does not properly release the reference, causing a memory leak.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.