CVE-2024-53210: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
First published: Fri Dec 27 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Passing MSG_PEEK flag to skb_recv_datagram() increments skb refcount (skb->users) and iucv_sock_recvmsg() does not decrement skb refcount at exit. This results in skb memory leak in skb_queue_purge() and WARN_ON in iucv_sock_destruct() during socket close. To fix this decrease skb refcount by one if MSG_PEEK is set in order to prevent memory leak and WARN_ON. WARNING: CPU: 2 PID: 6292 at net/iucv/af_iucv.c:286 iucv_sock_destruct+0x144/0x1a0 [af_iucv] CPU: 2 PID: 6292 Comm: afiucv_test_msg Kdump: loaded Tainted: G W 6.10.0-rc7 #1 Hardware name: IBM 3931 A01 704 (z/VM 7.3.0) Call Trace: [<001587c682c4aa98>] iucv_sock_destruct+0x148/0x1a0 [af_iucv] [<001587c682c4a9d0>] iucv_sock_destruct+0x80/0x1a0 [af_iucv] [<001587c704117a32>] __sk_destruct+0x52/0x550 [<001587c704104a54>] __sock_release+0xa4/0x230 [<001587c704104c0c>] sock_close+0x2c/0x40 [<001587c702c5f5a8>] __fput+0x2e8/0x970 [<001587c7024148c4>] task_work_run+0x1c4/0x2c0 [<001587c7023b0716>] do_exit+0x996/0x1050 [<001587c7023b13aa>] do_group_exit+0x13a/0x360 [<001587c7023b1626>] __s390x_sys_exit_group+0x56/0x60 [<001587c7022bccca>] do_syscall+0x27a/0x380 [<001587c7049a6a0c>] __do_syscall+0x9c/0x160 [<001587c7049ce8a8>] system_call+0x70/0x98 Last Breaking-Event-Address: [<001587c682c4a9d4>] iucv_sock_destruct+0x84/0x1a0 [af_iucv]
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=2.6.21<6.1.120 | |
| Linux Kernel | >=6.2<6.6.64 | |
| Linux Kernel | >=6.7<6.11.11 | |
| Linux Kernel | >=6.12<6.12.2 | |
| debian/linux | <=5.10.223-1<=5.10.226-1 | 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/934326aef7ac4652f81c69d18bf44eebaefc39c3
- https://git.kernel.org/stable/c/42251c2d1ef1cb0822638bebb87ad9120c759673
- https://git.kernel.org/stable/c/783c2c6e61c5a04eb8baea598753d5fa174dbe85
- https://git.kernel.org/stable/c/9f603e66e1c59c1d25e60eb0636cb307d190782e
- https://git.kernel.org/stable/c/ebaf81317e42aa990ad20b113cfe3a7b20d4e937
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53210
- https://nvd.nist.gov/vuln/detail/CVE-2024-53210
- https://launchpad.net/bugs/cve/CVE-2024-53210
- https://security-tracker.debian.org/tracker/CVE-2024-53210
- https://ubuntu.com/security/CVE-2024-53210
- https://git.kernel.org/linus/ebaf81317e42aa990ad20b113cfe3a7b20d4e937
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/source
- agent/softwarecombine
- agent/tags
- agent/description
- collector/nvd-cve
- agent/event
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.21
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12
- package-manager/debian