Linux Kernel Tun Driver Memory Leak Vulnerability in XDP Processing

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's tun driver, specifically within the 'tun_xdp_one' function. This issue arises when the 'build_skb' function fails, as the error handling does not properly free a page allocated for the frame, leading to a leak of one page-frag chunk for each failure in a batch. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability causes a memory leak, where each failure of the 'build_skb' function in a batch results in one leaked page-fragment chunk.

Reproduction

The vulnerability can be reproduced by sending an array of XDP buffers through the 'sendmsg' function, which triggers the 'tun_xdp_one' function. When 'build_skb' fails, the current error handling leaks the allocated page without freeing it, creating a memory leak.
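
The error-path pattern described above, as a userspace model added here; it is not the kernel's tun driver code or the upstream fix. The names 'frame_alloc', 'frame_free', 'model_build_skb', 'model_xdp_one' and 'run_batch' are hypothetical, the allocator is only a counter, and the failure pattern in the batch is constructed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Model allocator (assumption): counts outstanding frame chunks instead of
 * allocating real memory, so a "leak" shows up as a non-zero counter. */
static long live_chunks;
static char dummy_frame[64];
static void *frame_alloc(void) { live_chunks++; return dummy_frame; }
static void frame_free(void *p) { (void)p; live_chunks--; }

/* Stand-in for build_skb(): returns NULL on an injected failure. On success
 * the returned "skb" owns the frame (modelled as the same pointer). */
static void *model_build_skb(void *frame, bool fail) { return fail ? NULL : frame; }

/* Process one buffer. With free_on_error == false the error path returns
 * without releasing the frame, which is the pattern the advisory describes. */
static int model_xdp_one(bool build_fails, bool free_on_error)
{
    void *frame = frame_alloc();
    void *skb = model_build_skb(frame, build_fails);

    if (!skb) {
        if (free_on_error)
            frame_free(frame);  /* corrected path: release the frame */
        return -1;              /* caller sees the failure either way */
    }
    frame_free(skb);            /* success: the consumer releases skb and frame */
    return 0;
}

/* Run a batch where fail[i] marks an injected build failure and return the
 * number of chunks still outstanding afterwards (leaked by this batch). */
long run_batch(const bool *fail, int n, bool free_on_error)
{
    long before = live_chunks;
    for (int i = 0; i < n; i++)
        model_xdp_one(fail[i], free_on_error);
    return live_chunks - before;
}

int main(void)
{
    /* Constructed batch: three of six buffers fail to build. */
    const bool fail[] = { false, true, false, true, true, false };
    int n = (int)(sizeof(fail) / sizeof(fail[0]));
    printf("error path without free: %ld chunks leaked\n", run_batch(fail, n, false));
    printf("error path with free:    %ld chunks leaked\n", run_batch(fail, n, true));
    return 0;
}
```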

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Jun 9, 2026, 1:35 PM
Updated: Jun 9, 2026, 1:35 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 9.4
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.