The Linux operating system is widely acclaimed for its robust architecture and security features. However, security vulnerabilities can still creep in from time to time. One such vulnerability discovered recently was the CVE-2021-46956 memory leak issue present in the Linux kernel's virtio file system (virtiofs).

Primarily used for sharing file systems between virtual machines and their host systems, virtiofs is a component that helps facilitate the smooth running of guest machines in a virtualized environment.

This specific vulnerability manifested itself when the same 'tag' was accidentally passed twice to the qemu (Quick Emulator) virtualization package used in conjunction with virtiofs. The error led to the triggering of a kmemleak (a kernel memory leak detector) log report along with an error message:

The kmemleak log report, as shown below, reveals the unreferenced object, hex dump, and backtrace

unreferenced object xffff888103d47800 (size 1024):
  comm "systemd-udevd", pid 118, jiffies 429489378 (age 18.340s)
  hex dump (first 32 bytes):
    00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
    ff ff ff ff ff ff ff ff 80 90 02 a ff ff ff ff  ................
  backtrace:
    [<000000000ebb87c1>] virtio_fs_probe+x171/x7ae [virtiofs]
    [<00000000f8aca419>] virtio_dev_probe+x15f/x210
    [<000000004d6baf3c>] really_probe+xea/x430
    [<00000000a6ceeac8>] device_driver_attach+xa8/xb
    [<00000000196f47a7>] __driver_attach+x98/x140
    [<000000000b20601d>] bus_for_each_dev+x7b/xc
    [<00000000399c7b7f>] bus_add_driver+x11b/x1f
    [<0000000032b09ba7>] driver_register+x8f/xe
    [<00000000cdd55998>] xffffffffa002c013
    [<000000000ea196a2>] do_one_initcall+x64/x2e
    [<0000000008f727ce>] do_init_module+x5c/x260
    [<000000003cdedab6>] __do_sys_finit_module+xb5/x120
    [<00000000ad2f48c6>] do_syscall_64+x33/x40
    [<00000000809526b5>] entry_SYSCALL_64_after_hwframe+x44/xae

To address this vulnerability, Linux kernel developers have released a patch that fixes the memory leak issue in the virtio_fs_probe() function. The code snippet responsible for the memory leak has been debugged and fixed, ensuring smooth and seamless operations for virtual machines.

It is highly recommended for users and system administrators to update their Linux kernel packages to the latest version incorporating the patch for CVE-2021-46956, thereby mitigating any potential attacks exploiting this vulnerability.

1. CVE-2021-46956 - official information on the vulnerability from the Common Vulnerabilities and Exposures database.
2. Linux Kernel Patch - Linux kernel mailing list announcement of the patch release.
3. virtiofs - a detailed description of the virtiofs component and its functionality.

Timeline

Published on: 02/27/2024 19:04:06 UTC
Last modified on: 12/06/2024 17:54:34 UTC