cve-2024-53118
Vulnerability from cvelistv5
Published
2024-12-02 13:44
Modified
2024-12-19 09:39
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix sk_error_queue memory leak Kernel queues MSG_ZEROCOPY completion notifications on the error queue. Where they remain, until explicitly recv()ed. To prevent memory leaks, clean up the queue when the socket is destroyed. unreferenced object 0xffff8881028beb00 (size 224): comm "vsock_test", pid 1218, jiffies 4294694897 hex dump (first 32 bytes): 90 b0 21 17 81 88 ff ff 90 b0 21 17 81 88 ff ff ..!.......!..... 00 00 00 00 00 00 00 00 00 b0 21 17 81 88 ff ff ..........!..... backtrace (crc 6c7031ca): [<ffffffff81418ef7>] kmem_cache_alloc_node_noprof+0x2f7/0x370 [<ffffffff81d35882>] __alloc_skb+0x132/0x180 [<ffffffff81d2d32b>] sock_omalloc+0x4b/0x80 [<ffffffff81d3a8ae>] msg_zerocopy_realloc+0x9e/0x240 [<ffffffff81fe5cb2>] virtio_transport_send_pkt_info+0x412/0x4c0 [<ffffffff81fe6183>] virtio_transport_stream_enqueue+0x43/0x50 [<ffffffff81fe0813>] vsock_connectible_sendmsg+0x373/0x450 [<ffffffff81d233d5>] ____sys_sendmsg+0x365/0x3a0 [<ffffffff81d246f4>] ___sys_sendmsg+0x84/0xd0 [<ffffffff81d26f47>] __sys_sendmsg+0x47/0x80 [<ffffffff820d3df3>] do_syscall_64+0x93/0x180 [<ffffffff8220012b>] entry_SYSCALL_64_after_hwframe+0x76/0x7e
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bea4779a45f49275b1e1b1bd9de03cd3727244d8Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/fbf7085b3ad1c7cc0677834c90f985f1b4f77a33Patch
Impacted products
Vendor Product Version
Linux Linux Version: 581512a6dc939ef122e49336626ae159f3b8a345
Version: 581512a6dc939ef122e49336626ae159f3b8a345
 Create a notification for this product.
   Linux Linux Version: 6.7
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/vmw_vsock/af_vsock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bea4779a45f49275b1e1b1bd9de03cd3727244d8",
              "status": "affected",
              "version": "581512a6dc939ef122e49336626ae159f3b8a345",
              "versionType": "git"
            },
            {
              "lessThan": "fbf7085b3ad1c7cc0677834c90f985f1b4f77a33",
              "status": "affected",
              "version": "581512a6dc939ef122e49336626ae159f3b8a345",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/vmw_vsock/af_vsock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix sk_error_queue memory leak\n\nKernel queues MSG_ZEROCOPY completion notifications on the error queue.\nWhere they remain, until explicitly recv()ed. To prevent memory leaks,\nclean up the queue when the socket is destroyed.\n\nunreferenced object 0xffff8881028beb00 (size 224):\n  comm \"vsock_test\", pid 1218, jiffies 4294694897\n  hex dump (first 32 bytes):\n    90 b0 21 17 81 88 ff ff 90 b0 21 17 81 88 ff ff  ..!.......!.....\n    00 00 00 00 00 00 00 00 00 b0 21 17 81 88 ff ff  ..........!.....\n  backtrace (crc 6c7031ca):\n    [\u003cffffffff81418ef7\u003e] kmem_cache_alloc_node_noprof+0x2f7/0x370\n    [\u003cffffffff81d35882\u003e] __alloc_skb+0x132/0x180\n    [\u003cffffffff81d2d32b\u003e] sock_omalloc+0x4b/0x80\n    [\u003cffffffff81d3a8ae\u003e] msg_zerocopy_realloc+0x9e/0x240\n    [\u003cffffffff81fe5cb2\u003e] virtio_transport_send_pkt_info+0x412/0x4c0\n    [\u003cffffffff81fe6183\u003e] virtio_transport_stream_enqueue+0x43/0x50\n    [\u003cffffffff81fe0813\u003e] vsock_connectible_sendmsg+0x373/0x450\n    [\u003cffffffff81d233d5\u003e] ____sys_sendmsg+0x365/0x3a0\n    [\u003cffffffff81d246f4\u003e] ___sys_sendmsg+0x84/0xd0\n    [\u003cffffffff81d26f47\u003e] __sys_sendmsg+0x47/0x80\n    [\u003cffffffff820d3df3\u003e] do_syscall_64+0x93/0x180\n    [\u003cffffffff8220012b\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:39:35.804Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bea4779a45f49275b1e1b1bd9de03cd3727244d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/fbf7085b3ad1c7cc0677834c90f985f1b4f77a33"
        }
      ],
      "title": "vsock: Fix sk_error_queue memory leak",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53118",
    "datePublished": "2024-12-02T13:44:49.658Z",
    "dateReserved": "2024-11-19T17:17:24.994Z",
    "dateUpdated": "2024-12-19T09:39:35.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-53118\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-02T14:15:12.567\",\"lastModified\":\"2024-12-11T20:52:52.993\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nvsock: Fix sk_error_queue memory leak\\n\\nKernel queues MSG_ZEROCOPY completion notifications on the error queue.\\nWhere they remain, until explicitly recv()ed. To prevent memory leaks,\\nclean up the queue when the socket is destroyed.\\n\\nunreferenced object 0xffff8881028beb00 (size 224):\\n  comm \\\"vsock_test\\\", pid 1218, jiffies 4294694897\\n  hex dump (first 32 bytes):\\n    90 b0 21 17 81 88 ff ff 90 b0 21 17 81 88 ff ff  ..!.......!.....\\n    00 00 00 00 00 00 00 00 00 b0 21 17 81 88 ff ff  ..........!.....\\n  backtrace (crc 6c7031ca):\\n    [\u003cffffffff81418ef7\u003e] kmem_cache_alloc_node_noprof+0x2f7/0x370\\n    [\u003cffffffff81d35882\u003e] __alloc_skb+0x132/0x180\\n    [\u003cffffffff81d2d32b\u003e] sock_omalloc+0x4b/0x80\\n    [\u003cffffffff81d3a8ae\u003e] msg_zerocopy_realloc+0x9e/0x240\\n    [\u003cffffffff81fe5cb2\u003e] virtio_transport_send_pkt_info+0x412/0x4c0\\n    [\u003cffffffff81fe6183\u003e] virtio_transport_stream_enqueue+0x43/0x50\\n    [\u003cffffffff81fe0813\u003e] vsock_connectible_sendmsg+0x373/0x450\\n    [\u003cffffffff81d233d5\u003e] ____sys_sendmsg+0x365/0x3a0\\n    [\u003cffffffff81d246f4\u003e] ___sys_sendmsg+0x84/0xd0\\n    [\u003cffffffff81d26f47\u003e] __sys_sendmsg+0x47/0x80\\n    [\u003cffffffff820d3df3\u003e] do_syscall_64+0x93/0x180\\n    [\u003cffffffff8220012b\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vsock: se corrige la p\u00e9rdida de memoria sk_error_queue. El kernel coloca en cola las notificaciones de finalizaci\u00f3n MSG_ZEROCOPY en la cola de errores, donde permanecen hasta que se recv()en forma expl\u00edcita. Para evitar p\u00e9rdidas de memoria, limpie la cola cuando se destruya el socket. objeto sin referencia 0xffff8881028beb00 (tama\u00f1o 224): comm \\\"vsock_test\\\", pid 1218, jiffies 4294694897 volcado hexadecimal (primeros 32 bytes): 90 b0 21 17 81 88 ff ff 90 b0 21 17 81 88 ff ff ..!.......!..... 00 00 00 00 00 00 00 00 00 b0 21 17 81 88 ff ff ..........!..... backtrace (crc 6c7031ca): [] kmem_cache_alloc_node_noprof+0x2f7/0x370 [] __alloc_skb+0x132/0x180 [] sock_omalloc+0x4b/0x80 [] msg_zerocopy_realloc+0x9e/0x240 [] virtio_transport_send_pkt_info+0x412/0x4c0 [] virtio_transport_stream_enqueue+0x43/0x50 [] vsock_connectible_sendmsg+0x373/0x450 [] ____sys_sendmsg+0x365/0x3a0 [] ___sys_sendmsg+0x84/0xd0 [] __sys_sendmsg+0x47/0x80 [] do_syscall_64+0x93/0x180 [] entry_SYSCALL_64_after_hwframe+0x76/0x7e\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.10\",\"matchCriteriaId\":\"C256F46A-AFDD-4B99-AA4F-67D9D9D2C55A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F717D8-3014-4F84-8086-0124B2111379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"24B88717-53F5-42AA-9B72-14C707639E3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EF8CD82-1EAE-4254-9545-F85AB94CF90F\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/bea4779a45f49275b1e1b1bd9de03cd3727244d8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fbf7085b3ad1c7cc0677834c90f985f1b4f77a33\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.