It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.
A flaw was found in Gluster 3.12.11 and 3.12.12 FUSE client. The fsync(2) system call appears to directly or indirectly leak memory in "gf_common_mt_memdup" and "gf_common_mt_char" functions. An attacker could exploit this vulnerablity to perform a Denial of Service attack.
Name: Michael Hanselmann (hansmi.ch)
This memory leak does not appear to be reproducible on glusterfs-3.8.x. The FUSE interface changed significantly between 3.8 and 3.12.
Created glusterfs tracking bugs for this issue:
Affects: fedora-all [bug 1625078]
This issue did not affect the versions of glusterfs as shipped with Red Hat Enterprise Linux 6 and 7, and Red Hat Gluster Storage 3.