VYPR
Unrated severity · NVD Advisory · Published Dec 30, 2025 · Updated Apr 15, 2026

CVE-2023-54294

Description

In the Linux kernel, the following vulnerability has been resolved:

md/raid10: fix memleak of md thread

In raid10_run(), if setup_conf() succeeds and raid10_run() fails before setting 'mddev->thread', then in the error path 'conf->thread' is not freed.

Fix the problem by setting 'mddev->thread' right after setup_conf().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in the Linux kernel's md/raid10 driver can leave conf->thread unfreed when raid10_run() fails after setup_conf() succeeds.

Vulnerability

Description

A memory leak vulnerability exists in the Linux kernel's Multiple Device (MD) driver for RAID10. In the raid10_run() function, if setup_conf() successfully allocates conf->thread but a subsequent step fails before mddev->thread is set, the allocated memory is not freed in the error path. This results in a kernel memory leak [1][2][3].

Exploitation

To exploit this vulnerability, an attacker must be able to trigger raid10_run() in a way that forces a failure after setup_conf() completes. This could be achieved by attempting to create or assemble a RAID10 array with an invalid configuration, or by causing an error during device initialization. The attack requires local access with sufficient privileges (typically root) to manage MD devices.

Impact

The impact is a gradual depletion of system memory due to the unreleased allocation. While this does not directly lead to privilege escalation or code execution, repeated exploitation could exhaust memory resources, potentially causing system instability or denial of service.

Mitigation

The vulnerability is fixed in Linux kernel commits [1][2][3]. The fix ensures that mddev->thread is set immediately after setup_conf() so that any subsequent failure will properly clean up the thread allocation. Users should apply the latest kernel updates to remediate this issue.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
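
The ordering problem described above, modelled in userspace C as an added example; it is not the kernel's code or the upstream patch. All struct and function names (`model_run`, `thread_new`, `leaked_after_failed_run` and the rest) are hypothetical stand-ins, and the error path that releases only `mddev->thread` is assumed from the advisory text.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: every name is a hypothetical stand-in, not kernel code. */
struct thread { int id; };
struct conf   { struct thread *thread; };
struct mddev  { struct thread *thread; struct conf *private; };
static int live_threads;           /* thread objects allocated and not yet freed */
static struct thread *last_alloc;  /* demo bookkeeping, lets the model reclaim a leak */

static struct thread *thread_new(void) {
    struct thread *t = calloc(1, sizeof(*t));
    if (t) { live_threads++; last_alloc = t; }
    return t;
}

static void thread_free(struct thread **tp) {
    if (*tp) { free(*tp); *tp = NULL; live_threads--; }
}

/* Models raid10_run(). handoff_first: 1 = fixed ordering, 0 = original. Returns 0 or -1. */
static int model_run(struct mddev *m, int later_step_fails, int handoff_first) {
    struct conf *c = calloc(1, sizeof(*c));               /* models setup_conf() */
    if (!c || !(c->thread = thread_new())) { free(c); return -1; }
    if (handoff_first) { m->thread = c->thread; c->thread = NULL; }   /* the fix */
    if (later_step_fails) goto out_free_conf;
    if (!handoff_first) { m->thread = c->thread; c->thread = NULL; }  /* too late */
    m->private = c;
    return 0;
out_free_conf:
    thread_free(&m->thread);  /* error path releases only mddev->thread */
    free(c);                  /* a thread still held in conf->thread is lost here */
    return -1;
}

/* Number of thread objects left behind by one failed run. */
static int leaked_after_failed_run(int handoff_first) {
    struct mddev m = {0};
    int before = live_threads;
    model_run(&m, 1, handoff_first);
    int leaked = live_threads - before;
    if (leaked) thread_free(&last_alloc);  /* demo-only reclaim of the orphan */
    return leaked;
}

int main(void) {
    printf("original=%d fixed=%d\n", leaked_after_failed_run(0), leaked_after_failed_run(1));
    return 0;
}
```

With the original ordering each failed run strands one thread object; with the handoff moved up, the same error path releases it.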
