| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio/vsock: Fix accept_queue memory leak\n\nAs the final stages of socket destruction may be delayed, it is possible\nthat virtio_transport_recv_listen() will be called after the accept_queue\nhas been flushed, but before the SOCK_DONE flag has been set. As a result,\nsockets enqueued after the flush would remain unremoved, leading to a\nmemory leak.\n\nvsock_release\n __vsock_release\n lock\n virtio_transport_release\n virtio_transport_close\n schedule_delayed_work(close_work)\n sk_shutdown = SHUTDOWN_MASK\n(!) flush accept_queue\n release\n virtio_transport_recv_pkt\n vsock_find_bound_socket\n lock\n if flag(SOCK_DONE) return\n virtio_transport_recv_listen\n child = vsock_create_connected\n (!) vsock_enqueue_accept(child)\n release\nclose_work\n lock\n virtio_transport_do_close\n set_flag(SOCK_DONE)\n virtio_transport_remove_sock\n vsock_remove_sock\n vsock_remove_bound\n release\n\nIntroduce a sk_shutdown check to disallow vsock_enqueue_accept() during\nsocket destruction.\n\nunreferenced object 0xffff888109e3f800 (size 2040):\n comm \"kworker/5:2\", pid 371, jiffies 4294940105\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00 (..@............\n backtrace (crc 9e5f4e84):\n [<ffffffff81418ff1>] kmem_cache_alloc_noprof+0x2c1/0x360\n [<ffffffff81d27aa0>] sk_prot_alloc+0x30/0x120\n [<ffffffff81d2b54c>] sk_alloc+0x2c/0x4b0\n [<ffffffff81fe049a>] __vsock_create.constprop.0+0x2a/0x310\n [<ffffffff81fe6d6c>] virtio_transport_recv_pkt+0x4dc/0x9a0\n [<ffffffff81fe745d>] vsock_loopback_work+0xfd/0x140\n [<ffffffff810fc6ac>] process_one_work+0x20c/0x570\n [<ffffffff810fce3f>] worker_thread+0x1bf/0x3a0\n [<ffffffff811070dd>] kthread+0xdd/0x110\n [<ffffffff81044fdd>] ret_from_fork+0x2d/0x50\n [<ffffffff8100785a>] ret_from_fork_asm+0x1a/0x30" |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "net/vmw_vsock/virtio_transport_common.c" |
| ], |
| "versions": [ |
| { |
| "version": "3fe356d58efae54dade9ec94ea7c919ed20cf4db", |
| "lessThan": "e26fa236758e8baa61a82cfd9fd4388d2e8d6a4c", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "3fe356d58efae54dade9ec94ea7c919ed20cf4db", |
| "lessThan": "4310902c766e371359e6c6311056ae80b5beeac9", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "3fe356d58efae54dade9ec94ea7c919ed20cf4db", |
| "lessThan": "946c7600fa2207cc8d3fbc86a518ec56f98a5813", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "3fe356d58efae54dade9ec94ea7c919ed20cf4db", |
| "lessThan": "897617a413e0bf1c6380e3b34b2f28f450508549", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "3fe356d58efae54dade9ec94ea7c919ed20cf4db", |
| "lessThan": "2415345042245de7601dcc6eafdbe3a3dcc9e379", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "3fe356d58efae54dade9ec94ea7c919ed20cf4db", |
| "lessThan": "d7b0ff5a866724c3ad21f2628c22a63336deec3f", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "2e7dd95046203bd05e8f4dc06ee53cace70a8e3c", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "net/vmw_vsock/virtio_transport_common.c" |
| ], |
| "versions": [ |
| { |
| "version": "5.10", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "5.10", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.232", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.175", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.119", |
| "lessThanOrEqual": "6.1.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.63", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.11.10", |
| "lessThanOrEqual": "6.11.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.12", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.10", |
| "versionEndExcluding": "5.10.232" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.10", |
| "versionEndExcluding": "5.15.175" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.10", |
| "versionEndExcluding": "6.1.119" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.10", |
| "versionEndExcluding": "6.6.63" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.10", |
| "versionEndExcluding": "6.11.10" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.10", |
| "versionEndExcluding": "6.12" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.9.13" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/e26fa236758e8baa61a82cfd9fd4388d2e8d6a4c" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/4310902c766e371359e6c6311056ae80b5beeac9" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/946c7600fa2207cc8d3fbc86a518ec56f98a5813" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/897617a413e0bf1c6380e3b34b2f28f450508549" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/2415345042245de7601dcc6eafdbe3a3dcc9e379" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/d7b0ff5a866724c3ad21f2628c22a63336deec3f" |
| } |
| ], |
| "title": "virtio/vsock: Fix accept_queue memory leak", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2024-53119", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
