CVE-2023-54297

In the Linux kernel's btrfs filesystem, a memory leak was discovered in the zoned mode implementation. The function exclude_super_stripes() is responsible for handling block groups that contain super block stripes on zoned devices. In certain bug or memory corruption scenarios, a block group may unexpectedly have super blocks mapped to it. When this occurs, the function correctly errors out, but it fails to free the memory that was allocated to store the logical address of those super blocks [1]. This oversight leads to a memory leak.

To exploit this vulnerability, an attacker would need local access and the ability to trigger the specific condition where a block group with super blocks is encountered on a zoned btrfs filesystem. This could be achieved through crafted operations that corrupt metadata or trigger a kernel bug, potentially requiring elevated privileges to initiate filesystem actions that lead to the error path.

The impact is primarily a memory leak, which can degrade system performance over time as available memory is consumed. In systems with limited memory or under continuous attack, this could lead to denial-of-service conditions. There is no evidence of privilege escalation or data corruption from this leak alone.

The fix was applied in the Linux kernel stable tree via commit c35ea6061962 [1]. System administrators should apply the latest kernel updates from their distribution to address this vulnerability. No known workarounds exist other than avoiding the use of btrfs in zoned mode or ensuring the kernel is patched.