CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv
First published: Fri Dec 27 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: dccp: Fix memory leak in dccp_feat_change_recv If dccp_feat_push_confirm() fails after new value for SP feature was accepted without reconciliation ('entry == NULL' branch), memory allocated for that value with dccp_feat_clone_sp_val() is never freed. Here is the kmemleak stack for this: unreferenced object 0xffff88801d4ab488 (size 8): comm "syz-executor310", pid 1127, jiffies 4295085598 (age 41.666s) hex dump (first 8 bytes): 01 b4 4a 1d 80 88 ff ff ..J..... backtrace: [<00000000db7cabfe>] kmemdup+0x23/0x50 mm/util.c:128 [<0000000019b38405>] kmemdup include/linux/string.h:465 [inline] [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:371 [inline] [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:367 [inline] [<0000000019b38405>] dccp_feat_change_recv net/dccp/feat.c:1145 [inline] [<0000000019b38405>] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416 [<00000000b1f6d94a>] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125 [<0000000030d7b621>] dccp_rcv_state_process+0x197/0x13d0 net/dccp/input.c:650 [<000000001f74c72e>] dccp_v4_do_rcv+0xf9/0x1a0 net/dccp/ipv4.c:688 [<00000000a6c24128>] sk_backlog_rcv include/net/sock.h:1041 [inline] [<00000000a6c24128>] __release_sock+0x139/0x3b0 net/core/sock.c:2570 [<00000000cf1f3a53>] release_sock+0x54/0x1b0 net/core/sock.c:3111 [<000000008422fa23>] inet_wait_for_connect net/ipv4/af_inet.c:603 [inline] [<000000008422fa23>] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696 [<0000000015b6f64d>] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735 [<0000000010122488>] __sys_connect_file+0x15c/0x1a0 net/socket.c:1865 [<00000000b4b70023>] __sys_connect+0x165/0x1a0 net/socket.c:1882 [<00000000f4cb3815>] __do_sys_connect net/socket.c:1892 [inline] [<00000000f4cb3815>] __se_sys_connect net/socket.c:1889 [inline] [<00000000f4cb3815>] __x64_sys_connect+0x6e/0xb0 net/socket.c:1889 [<00000000e7b1e839>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 [<0000000055e91434>] entry_SYSCALL_64_after_hwframe+0x67/0xd1 Clean up the allocated memory in case of dccp_feat_push_confirm() failure and bail out with an error reset code. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=2.6.29<5.4.287 | |
| Linux Kernel | >=5.5<5.10.231 | |
| Linux Kernel | >=5.11<5.15.174 | |
| Linux Kernel | >=5.16<6.1.120 | |
| Linux Kernel | >=6.2<6.6.66 | |
| Linux Kernel | >=6.7<6.12.5 | |
| Linux Kernel | =6.13-rc1 | |
| debian/linux | <=5.10.223-1 | 5.10.234-1 6.1.129-1 6.1.135-1 6.12.22-1 6.12.25-1 |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/623be080ab3c13d71570bd32f7202a8efa8e2252
- https://git.kernel.org/stable/c/c99507fff94b926fc92279c92d80f229c91cb85d
- https://git.kernel.org/stable/c/bc3d4423def1a9412a0ae454cb4477089ab79276
- https://git.kernel.org/stable/c/6ff67909ee2ffad911e3122616df41dee23ff4f6
- https://git.kernel.org/stable/c/d3ec686a369fae5034303061f003cd3f94ddfd23
- https://git.kernel.org/stable/c/9ee68b0f23706a77f53c832457b9384178b76421
- https://git.kernel.org/stable/c/22be4727a8f898442066bcac34f8a1ad0bc72e14
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56643
- https://nvd.nist.gov/vuln/detail/CVE-2024-56643
- https://launchpad.net/bugs/cve/CVE-2024-56643
- https://security-tracker.debian.org/tracker/CVE-2024-56643
- https://ubuntu.com/security/CVE-2024-56643
- https://git.kernel.org/linus/22be4727a8f898442066bcac34f8a1ad0bc72e14
Frequently Asked Questions
What is the severity of CVE-2024-56643?
The severity of CVE-2024-56643 is not specified in the public advisory, but it addresses a memory leak in the Linux kernel.
How do I fix CVE-2024-56643?
To fix CVE-2024-56643, you should update to the latest version of the Linux kernel that includes the patch.
What systems are affected by CVE-2024-56643?
CVE-2024-56643 affects multiple versions of the Linux kernel ranging from 2.6.29 to 6.13-rc1.
What does CVE-2024-56643 involve?
CVE-2024-56643 involves a memory leak in the dccp_feat_change_recv function of the Linux kernel.
Is there a public disclosure for CVE-2024-56643?
Yes, CVE-2024-56643 has been documented and publicly disclosed by the Linux kernel development team.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/source
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.29
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.13-rc1
- package-manager/debian