| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp: Fix memory leak in dccp_feat_change_recv\n\nIf dccp_feat_push_confirm() fails after new value for SP feature was accepted\nwithout reconciliation ('entry == NULL' branch), memory allocated for that value\nwith dccp_feat_clone_sp_val() is never freed.\n\nHere is the kmemleak stack for this:\n\nunreferenced object 0xffff88801d4ab488 (size 8):\n comm \"syz-executor310\", pid 1127, jiffies 4295085598 (age 41.666s)\n hex dump (first 8 bytes):\n 01 b4 4a 1d 80 88 ff ff ..J.....\n backtrace:\n [<00000000db7cabfe>] kmemdup+0x23/0x50 mm/util.c:128\n [<0000000019b38405>] kmemdup include/linux/string.h:465 [inline]\n [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:371 [inline]\n [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:367 [inline]\n [<0000000019b38405>] dccp_feat_change_recv net/dccp/feat.c:1145 [inline]\n [<0000000019b38405>] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416\n [<00000000b1f6d94a>] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125\n [<0000000030d7b621>] dccp_rcv_state_process+0x197/0x13d0 net/dccp/input.c:650\n [<000000001f74c72e>] dccp_v4_do_rcv+0xf9/0x1a0 net/dccp/ipv4.c:688\n [<00000000a6c24128>] sk_backlog_rcv include/net/sock.h:1041 [inline]\n [<00000000a6c24128>] __release_sock+0x139/0x3b0 net/core/sock.c:2570\n [<00000000cf1f3a53>] release_sock+0x54/0x1b0 net/core/sock.c:3111\n [<000000008422fa23>] inet_wait_for_connect net/ipv4/af_inet.c:603 [inline]\n [<000000008422fa23>] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696\n [<0000000015b6f64d>] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735\n [<0000000010122488>] __sys_connect_file+0x15c/0x1a0 net/socket.c:1865\n [<00000000b4b70023>] __sys_connect+0x165/0x1a0 net/socket.c:1882\n [<00000000f4cb3815>] __do_sys_connect net/socket.c:1892 [inline]\n [<00000000f4cb3815>] __se_sys_connect net/socket.c:1889 [inline]\n [<00000000f4cb3815>] __x64_sys_connect+0x6e/0xb0 net/socket.c:1889\n [<00000000e7b1e839>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n [<0000000055e91434>] entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nClean up the allocated memory in case of dccp_feat_push_confirm() failure\nand bail out with an error reset code.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "net/dccp/feat.c" |
| ], |
| "versions": [ |
| { |
| "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", |
| "lessThan": "623be080ab3c13d71570bd32f7202a8efa8e2252", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", |
| "lessThan": "c99507fff94b926fc92279c92d80f229c91cb85d", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", |
| "lessThan": "bc3d4423def1a9412a0ae454cb4477089ab79276", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", |
| "lessThan": "6ff67909ee2ffad911e3122616df41dee23ff4f6", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", |
| "lessThan": "d3ec686a369fae5034303061f003cd3f94ddfd23", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", |
| "lessThan": "9ee68b0f23706a77f53c832457b9384178b76421", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", |
| "lessThan": "22be4727a8f898442066bcac34f8a1ad0bc72e14", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "net/dccp/feat.c" |
| ], |
| "versions": [ |
| { |
| "version": "2.6.29", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "2.6.29", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.287", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.231", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.174", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.120", |
| "lessThanOrEqual": "6.1.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.66", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.12.5", |
| "lessThanOrEqual": "6.12.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.13", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.29", |
| "versionEndExcluding": "5.4.287" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.29", |
| "versionEndExcluding": "5.10.231" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.29", |
| "versionEndExcluding": "5.15.174" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.29", |
| "versionEndExcluding": "6.1.120" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.29", |
| "versionEndExcluding": "6.6.66" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.29", |
| "versionEndExcluding": "6.12.5" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.29", |
| "versionEndExcluding": "6.13" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/623be080ab3c13d71570bd32f7202a8efa8e2252" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/c99507fff94b926fc92279c92d80f229c91cb85d" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/bc3d4423def1a9412a0ae454cb4477089ab79276" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/6ff67909ee2ffad911e3122616df41dee23ff4f6" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/d3ec686a369fae5034303061f003cd3f94ddfd23" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/9ee68b0f23706a77f53c832457b9384178b76421" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/22be4727a8f898442066bcac34f8a1ad0bc72e14" |
| } |
| ], |
| "title": "dccp: Fix memory leak in dccp_feat_change_recv", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2024-56643", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
