CVE-2023-54055

Vulnerability

The Linux kernel's irdma (Intel RDMA) driver contains a memory leak vulnerability in the management of Physical Buffer List Entry (PBLE) objects [1]. Unlike other HMC (Host Memory Cache) objects that are statically pre-allocated at initialization, PBLE objects and their Segment Descriptors (SD) are dynamically allocated during scale-up and remain allocated until driver deinitialization [1]. The flaw is that the PBLE object memory is not freed when the driver module is removed (rmmod), causing a permanent resource leak [1].

Exploitation

Exploitation does not require authentication, but it does require the ability to load and unload the irdma kernel module, which typically requires root or privileged access on the system [1]. The vulnerability is exposed during normal driver lifecycle operations, particularly when the module is removed after PBLEs have been dynamically allocated [1]. An attacker with sufficient privileges could trigger repeated module load/unload cycles to exhaust system memory over time [1].

Impact

An attacker capable of causing repeated rmmod of the irdma driver can cause a gradual memory leak, potentially leading to system memory exhaustion and denial of service [1]. There is no evidence of code execution or information disclosure from this vulnerability; the impact is limited to resource availability [1].

Mitigation

The fix is included in the Linux kernel stable release via commit 810250c9c6616fe131099c0e51c61f2110ed07bf [1]. The patch adds IRDMA_HMC_IW_PBLE to the iw_hmc_obj_types[] table, ensuring that PBLE objects are properly freed during irdma_del_hmc_objects [1]. Users should apply the updated kernel version to eliminate the leak [1].