CVE-2023-53190

In the Linux kernel, the following vulnerability has been resolved:

vxlan: Fix memory leaks in error path

The memory allocated by vxlanvnigroupinit() is not freed in the error path, leading to memory leaks [1]. Fix by calling vxlanvnigroupuninit() in the error path.

The leaks can be reproduced by annotating grocellsinit() with ALLOWERRORINJECTION() and then running:

# echo "100" > /sys/kernel/debug/failfunction/probability # echo "1" > /sys/kernel/debug/failfunction/times # echo "grocellsinit" > /sys/kernel/debug/failfunction/inject # printf %#x -12 > /sys/kernel/debug/failfunction/grocellsinit/retval # ip link add name vxlan0 type vxlan dstport 4789 external vnifilter RTNETLINK answers: Cannot allocate memory

[1] unreferenced object 0xffff88810db84a00 (size 512): comm "ip", pid 330, jiffies 4295010045 (age 66.016s) hex dump (first 32 bytes): f8 d5 76 0e 81 88 ff ff 01 00 00 00 00 00 00 02 ..v............. 03 00 04 00 48 00 00 00 00 00 00 01 04 00 01 00 ....H........... backtrace: [<ffffffff81a3097a>] kmalloctrace+0x2a/0x60 [<ffffffff82f049fc>] vxlanvnigroupinit+0x4c/0x160 [<ffffffff82ecd69e>] vxlaninit+0x1ae/0x280 [<ffffffff836858ca>] register_netdevice+0x57a/0x16d0 [<ffffffff82ef67b7>] __vxlandevcreate+0x7c7/0xa50 [<ffffffff82ef6ce6>] vxlan_newlink+0xd6/0x130 [<ffffffff836d02ab>] __rtnlnewlink+0x112b/0x18a0 [<ffffffff836d0a8c>] rtnlnewlink+0x6c/0xa0 [<ffffffff836c0ddf>] rtnetlinkrcvmsg+0x43f/0xd40 [<ffffffff83908ce0>] netlinkrcvskb+0x170/0x440 [<ffffffff839066af>] netlinkunicast+0x53f/0x810 [<ffffffff839072d8>] netlinksendmsg+0x958/0xe70 [<ffffffff835c319f>] ____sys_sendmsg+0x78f/0xa90 [<ffffffff835cd6da>] ___sys_sendmsg+0x13a/0x1e0 [<ffffffff835cd94c>] __syssendmsg+0x11c/0x1f0 [<ffffffff8424da78>] dosyscall_64+0x38/0x80 unreferenced object 0xffff88810e76d5f8 (size 192): comm "ip", pid 330, jiffies 4295010045 (age 66.016s) hex dump (first 32 bytes): 04 00 00 00 00 00 00 00 db e1 4f e7 00 00 00 00 ..........O..... 08 d6 76 0e 81 88 ff ff 08 d6 76 0e 81 88 ff ff ..v.......v..... backtrace: [<ffffffff81a3162e>] __kmallocnode+0x4e/0x90 [<ffffffff81a0e166>] kvmallocnode+0xa6/0x1f0 [<ffffffff8276e1a3>] buckettablealloc.isra.0+0x83/0x460 [<ffffffff8276f18b>] rhashtableinit+0x43b/0x7c0 [<ffffffff82f04a1c>] vxlanvnigroup_init+0x6c/0x160 [<ffffffff82ecd69e>] vxlaninit+0x1ae/0x280 [<ffffffff836858ca>] registernetdevice+0x57a/0x16d0 [<ffffffff82ef67b7>] __vxlandevcreate+0x7c7/0xa50 [<ffffffff82ef6ce6>] vxlan_newlink+0xd6/0x130 [<ffffffff836d02ab>] __rtnlnewlink+0x112b/0x18a0 [<ffffffff836d0a8c>] rtnlnewlink+0x6c/0xa0 [<ffffffff836c0ddf>] rtnetlinkrcvmsg+0x43f/0xd40 [<ffffffff83908ce0>] netlinkrcvskb+0x170/0x440 [<ffffffff839066af>] netlinkunicast+0x53f/0x810 [<ffffffff839072d8>] netlinksendmsg+0x958/0xe70 [<ffffffff835c319f>] ___syssendmsg+0x78f/0xa90