CVE-2024-53119 : In the Linux kernel, the following vulnerability has been resolved: virtio/vsoc

In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix accept_queue memory leak As the final stages of socket destruction may be delayed, it is possible that virtio_transport_recv_listen() will be called after the accept_queue has been flushed, but before the SOCK_DONE flag has been set. As a result, sockets enqueued after the flush would remain unremoved, leading to a memory leak. vsock_release __vsock_release lock virtio_transport_release virtio_transport_close schedule_delayed_work(close_work) sk_shutdown = SHUTDOWN_MASK (!) flush accept_queue release virtio_transport_recv_pkt vsock_find_bound_socket lock if flag(SOCK_DONE) return virtio_transport_recv_listen child = vsock_create_connected (!) vsock_enqueue_accept(child) release close_work lock virtio_transport_do_close set_flag(SOCK_DONE) virtio_transport_remove_sock vsock_remove_sock vsock_remove_bound release Introduce a sk_shutdown check to disallow vsock_enqueue_accept() during socket destruction. unreferenced object 0xffff888109e3f800 (size 2040): comm "kworker/5:2", pid 371, jiffies 4294940105 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00 (..@............ backtrace (crc 9e5f4e84): [<ffffffff81418ff1>] kmem_cache_alloc_noprof+0x2c1/0x360 [<ffffffff81d27aa0>] sk_prot_alloc+0x30/0x120 [<ffffffff81d2b54c>] sk_alloc+0x2c/0x4b0 [<ffffffff81fe049a>] __vsock_create.constprop.0+0x2a/0x310 [<ffffffff81fe6d6c>] virtio_transport_recv_pkt+0x4dc/0x9a0 [<ffffffff81fe745d>] vsock_loopback_work+0xfd/0x140 [<ffffffff810fc6ac>] process_one_work+0x20c/0x570 [<ffffffff810fce3f>] worker_thread+0x1bf/0x3a0 [<ffffffff811070dd>] kthread+0xdd/0x110 [<ffffffff81044fdd>] ret_from_fork+0x2d/0x50 [<ffffffff8100785a>] ret_from_fork_asm+0x1a/0x30

Published 2024-12-02 14:15:13

Updated 2024-12-19 19:15:07

Source Linux

View at NVD, CVE.org

Products affected by CVE-2024-53119

Linux » Linux Kernel
Versions from including (>=) 5.10 and before (<) 6.1.119
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.2 and before (<) 6.6.63
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.7 and before (<) 6.11.10
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.12 Update RC1
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.12 Update RC2
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.12 Update RC3
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.12 Update RC4
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.12 Update RC5
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.12 Update RC6
cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.12 Update RC7
cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-53119

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 8 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-53119

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2024-12-11
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	N/A	N/A	RedHat-CVE-2024-53119	2024-12-03
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2024-53119

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2024-53119

https://git.kernel.org/stable/c/d7b0ff5a866724c3ad21f2628c22a63336deec3f

virtio/vsock: Fix accept_queue memory leak - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/e26fa236758e8baa61a82cfd9fd4388d2e8d6a4c

virtio/vsock: Fix accept_queue memory leak - kernel/git/stable/linux.git - Linux kernel stable tree
https://git.kernel.org/stable/c/946c7600fa2207cc8d3fbc86a518ec56f98a5813

virtio/vsock: Fix accept_queue memory leak - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/4310902c766e371359e6c6311056ae80b5beeac9

virtio/vsock: Fix accept_queue memory leak - kernel/git/stable/linux.git - Linux kernel stable tree
https://git.kernel.org/stable/c/897617a413e0bf1c6380e3b34b2f28f450508549

virtio/vsock: Fix accept_queue memory leak - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/2415345042245de7601dcc6eafdbe3a3dcc9e379

virtio/vsock: Fix accept_queue memory leak - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2024-53119

Products affected by CVE-2024-53119

Exploit prediction scoring system (EPSS) score for CVE-2024-53119

CVSS scores for CVE-2024-53119

CWE ids for CVE-2024-53119

References for CVE-2024-53119