CVE-2024-27388 - The Resolution of Vulnerabilities in the Linux Kernel: SUNRPC: Fixing Memleaks in gssx_dec_option_array

A memory-leak vulnerability in the Linux kernel's Generic Security Services API (GSSAPI) implementation has recently been addressed. The issue is tracked as CVE-2024-27388 and lies in the SUNRPC subsystem, where some allocated memory is not released on error paths. In the remainder of this post, we look at the details of this vulnerability, show how it appears in the Linux kernel, and explain how the problem has been remedied.

Description of the Vulnerability

The vulnerability concerns memory leaks in the gssx_dec_option_array function, which is part of the SUNRPC subsystem within the Linux kernel. A memory leak occurs when memory is allocated but never released once it is no longer required. Over time, repeated leaks deplete available memory, slow the system down, and can ultimately make it unstable or cause it to crash.

To understand the issue, it helps to recall how memory is allocated and managed in the Linux kernel: every allocation must be matched by a release, including on the paths that abort an operation. In gssx_dec_option_array, the creds and oa->data buffers are allocated during decoding and must be freed if decoding fails. Before the fix, these buffers were not freed in all error-handling paths, which produced the memory leaks described above.

Resolution of the Vulnerability

To address this vulnerability, a patch has been introduced that adds deallocations in the corresponding error-handling paths. A snippet of the patch is provided below:

diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index 72a687e..111dfa6 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -192,6 +192,8 @@ static int gssx_dec_option_array(struct xdr_stream *xdr,

 alloc_error:
    kfree(creds);
+   kfree(oa->data);
enter:
oa->count = ;
return ret;
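Review bot: after `kfree(oa->data)` the pointer is left dangling while `oa->count` is being reset in the same error path; add `oa->data = NULL;` next to the new `kfree` so a caller that also releases `oa->data` on the error return cannot double-free. Note also that the excerpt is incomplete: the hunk header `@@ -192,6 +192,8 @@` announces two added lines but only one `+` line is shown, and the trailing context `oa->count = ;` has lost its value, so the full hunk should be consulted rather than this snippet.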

With this patch applied, the vulnerability is resolved: the memory is released on the error paths that previously returned without freeing it.
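The leak pattern and its fix, as an added user-space model rather than the kernel's own code: a decoder allocates an option slot and a creds buffer, and a flag selects between the pre-patch cleanup (only creds freed on a late error) and the patched cleanup that also drops oa->data. The struct layout, the fail_at injection points, the allocation counter standing in for kmemleak, and the extra oa->data = NULL reset are all assumptions of this example, not details from the page.

```c
#include <stdlib.h>
#include <errno.h>

/* Constructed model of the decode routine; not the kernel's code.
 * The allocation counter stands in for kmemleak so the leak is observable. */
struct option { void *value; };
struct option_array { unsigned int count; struct option *data; };

static int live_allocs;                               /* allocations not yet freed */
static void *track_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void track_free(void *p) { if (p) { live_allocs--; free(p); } }
int outstanding_allocs(void) { return live_allocs; }

/* fail_at: 0 = success, 1 = creds alloc fails, 2 = decode fails after both allocs.
 * fixed: 0 = pre-patch error paths, 1 = patched error paths. */
int decode_options(struct option_array *oa, int fail_at, int fixed)
{
    void *creds; int err;

    oa->count = 1;
    oa->data = track_alloc(sizeof(*oa->data));        /* the single option slot */
    if (!oa->data)
        return -ENOMEM;
    creds = (fail_at == 1) ? NULL : track_alloc(32);  /* stands in for kzalloc */
    if (!creds) {
        err = -ENOMEM;
        goto free_oa;
    }
    if (fail_at == 2) {                               /* e.g. truncated XDR input */
        err = -ENOSPC;
        goto free_creds;
    }
    oa->data->value = creds;                          /* success: caller owns both */
    return 0;

free_creds:
    track_free(creds);                                /* pre-patch: the only cleanup here */
free_oa:
    if (fixed) {                                      /* the patch: also release oa->data */
        track_free(oa->data);
        oa->data = NULL;                              /* assumption: clear the stale pointer */
        oa->count = 0;
    }
    return err;
}

/* What a caller does with a successfully decoded (or leaked) array. */
void release_option_array(struct option_array *oa)
{
    if (oa->data)
        track_free(oa->data->value);
    track_free(oa->data);
    oa->data = NULL;
}
```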

Original References

1) The official announcement of the vulnerability can be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388

2) A detailed explanation of the patch, including the code changes, can be located here: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/commit_name=commit_id

Exploit Details

Fortunately, there have so far been no publicly reported instances of this vulnerability being exploited in the wild. It is nevertheless important to update your Linux kernel with the relevant patch to avoid the memory leaks this vulnerability can cause.

Conclusion

In summary, CVE-2024-27388 is a noteworthy vulnerability in the Linux kernel that concerns memory leaks in the gssx_dec_option_array function. The issue has been resolved by adding the missing deallocations to the affected error-handling paths. To preserve the stability and performance of your system, update your Linux kernel to a release that includes this patch.

Timeline

Published on: 05/01/2024 13:15:51 UTC
Last modified on: 06/27/2024 13:15:57 UTC