CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns
First published: Fri Dec 27 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: ipc: fix memleak if msg_init_ns failed in create_ipc_ns Percpu memory allocation may failed during create_ipc_ns however this fail is not handled properly since ipc sysctls and mq sysctls is not released properly. Fix this by release these two resource when failure. Here is the kmemleak stack when percpu failed: unreferenced object 0xffff88819de2a600 (size 512): comm "shmem_2nstest", pid 120711, jiffies 4300542254 hex dump (first 32 bytes): 60 aa 9d 84 ff ff ff ff fc 18 48 b2 84 88 ff ff `.........H..... 04 00 00 00 a4 01 00 00 20 e4 56 81 ff ff ff ff ........ .V..... backtrace (crc be7cba35): [<ffffffff81b43f83>] __kmalloc_node_track_caller_noprof+0x333/0x420 [<ffffffff81a52e56>] kmemdup_noprof+0x26/0x50 [<ffffffff821b2f37>] setup_mq_sysctls+0x57/0x1d0 [<ffffffff821b29cc>] copy_ipcs+0x29c/0x3b0 [<ffffffff815d6a10>] create_new_namespaces+0x1d0/0x920 [<ffffffff815d7449>] copy_namespaces+0x2e9/0x3e0 [<ffffffff815458f3>] copy_process+0x29f3/0x7ff0 [<ffffffff8154b080>] kernel_clone+0xc0/0x650 [<ffffffff8154b6b1>] __do_sys_clone+0xa1/0xe0 [<ffffffff843df8ff>] do_syscall_64+0xbf/0x1c0 [<ffffffff846000b0>] entry_SYSCALL_64_after_hwframe+0x4b/0x53
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=6.1<6.1.120 | |
| Linux Kernel | >=6.2<6.6.64 | |
| Linux Kernel | >=6.7<6.11.11 | |
| Linux Kernel | >=6.12<6.12.2 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/3d230cfd4b9b0558c7b2039ba1def2ce6b6cd158
- https://git.kernel.org/stable/c/10209665b5bf199f8065b2e7d2b2dc6cdf227117
- https://git.kernel.org/stable/c/8fed302872e26c7bf44d855c53a1cde747172d58
- https://git.kernel.org/stable/c/928de5fcd462498b8334107035da8ab85e316d8a
- https://git.kernel.org/stable/c/bc8f5921cd69188627c08041276238de222ab466
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53175
- https://nvd.nist.gov/vuln/detail/CVE-2024-53175
- https://launchpad.net/bugs/cve/CVE-2024-53175
- https://security-tracker.debian.org/tracker/CVE-2024-53175
- https://ubuntu.com/security/CVE-2024-53175
- https://git.kernel.org/linus/bc8f5921cd69188627c08041276238de222ab466
Frequently Asked Questions
What is the severity of CVE-2024-53175?
CVE-2024-53175 is classified with a moderate severity due to potential memory leaks that could affect system performance.
How do I fix CVE-2024-53175?
To fix CVE-2024-53175, update the Linux kernel to a version that includes the patch for this vulnerability.
What versions of the Linux kernel are affected by CVE-2024-53175?
CVE-2024-53175 affects Linux kernel versions between 6.1 and 6.12, excluding specific patched versions.
What does CVE-2024-53175 impact in the Linux kernel?
CVE-2024-53175 impacts IPC (Inter-Process Communication) functionality by potentially causing memory leaks.
Is there any exploit available for CVE-2024-53175?
At present, there has been no public disclosure of known exploits for CVE-2024-53175.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/source
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.1
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12
- package-manager/debian