CVE-2024-53118: vsock: Fix sk_error_queue memory leak
First published: Mon Dec 02 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix sk_error_queue memory leak Kernel queues MSG_ZEROCOPY completion notifications on the error queue. Where they remain, until explicitly recv()ed. To prevent memory leaks, clean up the queue when the socket is destroyed. unreferenced object 0xffff8881028beb00 (size 224): comm "vsock_test", pid 1218, jiffies 4294694897 hex dump (first 32 bytes): 90 b0 21 17 81 88 ff ff 90 b0 21 17 81 88 ff ff ..!.......!..... 00 00 00 00 00 00 00 00 00 b0 21 17 81 88 ff ff ..........!..... backtrace (crc 6c7031ca): [<ffffffff81418ef7>] kmem_cache_alloc_node_noprof+0x2f7/0x370 [<ffffffff81d35882>] __alloc_skb+0x132/0x180 [<ffffffff81d2d32b>] sock_omalloc+0x4b/0x80 [<ffffffff81d3a8ae>] msg_zerocopy_realloc+0x9e/0x240 [<ffffffff81fe5cb2>] virtio_transport_send_pkt_info+0x412/0x4c0 [<ffffffff81fe6183>] virtio_transport_stream_enqueue+0x43/0x50 [<ffffffff81fe0813>] vsock_connectible_sendmsg+0x373/0x450 [<ffffffff81d233d5>] ____sys_sendmsg+0x365/0x3a0 [<ffffffff81d246f4>] ___sys_sendmsg+0x84/0xd0 [<ffffffff81d26f47>] __sys_sendmsg+0x47/0x80 [<ffffffff820d3df3>] do_syscall_64+0x93/0x180 [<ffffffff8220012b>] entry_SYSCALL_64_after_hwframe+0x76/0x7e
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=6.7<6.11.10 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 | |
| Linux Kernel | =6.12-rc4 | |
| Linux Kernel | =6.12-rc5 | |
| Linux Kernel | =6.12-rc6 | |
| Linux Kernel | =6.12-rc7 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.133-1 6.12.22-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/bea4779a45f49275b1e1b1bd9de03cd3727244d8
- https://git.kernel.org/stable/c/fbf7085b3ad1c7cc0677834c90f985f1b4f77a33
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53118
- https://nvd.nist.gov/vuln/detail/CVE-2024-53118
- https://launchpad.net/bugs/cve/CVE-2024-53118
- https://security-tracker.debian.org/tracker/CVE-2024-53118
- https://ubuntu.com/security/CVE-2024-53118
- https://git.kernel.org/linus/fbf7085b3ad1c7cc0677834c90f985f1b4f77a33
Frequently Asked Questions
What is the severity of CVE-2024-53118?
CVE-2024-53118 is considered a moderate severity vulnerability due to the potential for memory leaks in the Linux kernel.
What are the affected versions related to CVE-2024-53118?
CVE-2024-53118 affects Linux kernel versions from 6.7 to 6.11.10 and 6.12 release candidates 1 through 7.
How do I fix CVE-2024-53118?
To remediate CVE-2024-53118, update the Linux kernel to a version that includes the fix.
What is the nature of the issue in CVE-2024-53118?
CVE-2024-53118 involves a memory leak in the vsock component of the Linux kernel when handling MSG_ZEROCOPY completion notifications.
Can CVE-2024-53118 lead to service disruptions?
Yes, CVE-2024-53118 can lead to increased memory usage over time, potentially affecting system stability and performance.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- collector/nvd-cve
- agent/references
- agent/source
- agent/softwarecombine
- agent/tags
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/event
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.7
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3
- version/linux kernel/6.12-rc4
- version/linux kernel/6.12-rc5
- version/linux kernel/6.12-rc6
- version/linux kernel/6.12-rc7
- package-manager/debian