Executive Summary

This vulnerability is a memory leak in the Linux kernel's SMB client implementation, specifically in the smb2_open_file() function. It occurs when using the CIFS protocol to mount a read-only exported directory from a server, perform file operations, unmount the directory, and then remove the CIFS kernel module. During this process, some memory objects are not properly freed, leading to leftover objects in the kernel's memory cache.

The issue manifests as warnings about objects remaining in the slab cache during module removal, indicating that the kernel's memory management routines did not clean up all allocated resources related to CIFS requests.

Useful 0 Not Useful 0

Impact Analysis

This memory leak can cause increased memory usage in the kernel over time when mounting and unmounting CIFS shares, potentially leading to resource exhaustion or degraded system performance. It may also cause warnings or errors during module removal, which could affect system stability or complicate debugging.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by reproducing the conditions that trigger the memory leak in the smb2_open_file() function of the Linux kernel's CIFS client.

• Mount a read-only exported directory from the server using: mount -t cifs //${server_ip}/export /mnt
• Write data to a file on the mounted directory using: dd if=/dev/zero of=/mnt/file bs=512 count=1000 oflag=direct
• Unmount the mounted directory: umount /mnt
• Remove the CIFS kernel module: modprobe -r cifs

If the vulnerability is present, the kernel logs will show error messages such as "BUG cifs_small_rq (Not tainted): Objects remaining on __kmem_cache_shutdown()" and warnings related to slab cache objects still existing during module removal.

Useful 0 Not Useful 0

Mitigation Strategies

I don't know

Useful 0 Not Useful 0