CVE-2024-50064 – Memory Leak Resolved in Linux Kernel ZRAM: Freeing Secondary Algorithms Names

Recently, a vulnerability in the Linux Kernel was identified and resolved, which resulted in a potential memory leak. This vulnerability, tagged as CVE-2024-50064, was discovered in the ZRAM (Compressed RAM) module of the kernel. Researchers found that memory was being leaked when the zram device was reset while having multiple streams.

In this post, we will discuss the details of this vulnerability, the solution implemented by the kernel developers, and how it can be safely patched on your Linux systems.

Vulnerability Details

The vulnerability was discovered in the zram module, which implements a compressed block device in RAM, which can be used for swap devices or temporary file systems. The issue arose when the zram device was reset while having multiple streams. This meant that secondary algorithms' names, which were allocated memory earlier, needed to be kfree()-ed (memory to be deallocated) to avoid memory leaks.

However, if the zram device was not reset, the memory leak would not occur as the secondary algorithms' names would continue to be used. This memory leak could potentially result in degraded system performance or even a complete system crash.

Here is a link to the original vulnerability report for your reference:
https://lkml.kernel.org/r/20240917013021.868769-1-senozhatsky@chromium.org

Solution

The kernel developers implemented a fix by adding a call to kfree() for the secondary algorithms' names when the zram device is reset. This ensures that the memory is properly deallocated, and prevents the memory leak from occurring.

Code Snippet

The following code snippet shows the addition of kfree() to ensure secondary algorithms' names are properly deallocated when resetting the zram device:

for (comp = ; comp < num_comp_streams; comp++) {
-	if (comp)
-		kfree(zram->compressor[comp]);
	zcomp_free(zram->compressor[comp]);
}

Patching Your System

To ensure your Linux system is protected against this vulnerability, it's essential to keep your kernel up-to-date. The fix for this issue should be included in future kernel releases. Please make sure to apply the latest kernel updates and patches available for your Linux distribution.

Conclusion

Memory leaks can be detrimental to system performance and could ultimately lead to a system crash. Thanks to the Linux kernel developers' quick response, CVE-2024-50064 has been patched and resolved. By staying informed and keeping your Linux system updated, you can minimize the risk of such vulnerabilities affecting your system.

Timeline

Published on: 10/21/2024 20:15:18 UTC
Last modified on: 10/23/2024 21:49:29 UTC