A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a DoS (memory consumption).
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1774947]
Only root can manipulate ftrace filters, right?
Is there a way for an unprivileged user to trigger this memory leak?
This issue is rated as having Low impact because of the preconditions needed to trigger the error/resource cleanup code path (high privileges).
In reply to comment #2:
> Only root can manipulate ftrace filters, right?
> Is there a way for an unprivileged user to trigger this memory leak?
I'm not aware of one. Maybe perf with non paranoid setting. But that would still need privileged user to adjust the defaults.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
(In reply to Marian Rehak from comment #0)
> A memory leak in the predicate_parse() function in
> kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows
> attackers to cause a DoS (memory consumption).
> Upstream Reference:
Is this an actual issue or an hypothetical one? It seems to me that the error path that leads to the memory leak is unreachable. It's supposed to happen when the depth of the nested parentheses in the filter is deeper than expected, but the depth has just been calculated in calc_stack(). The parser code is quite complicated though, and I might have missed something.
On the other hand, I did hit another memory leak while trying to trigger the issue. It's fixed upstream by commit eea9be33cd19 ("tracing: Fix memory leak in create_filter()").