Executive Summary

Information
Name: CVE-2024-53119
Vendor: Cve
First vendor Publication: 2024-12-02
Last vendor Modification: 2024-12-19

Security-Database Scoring CVSS v3

CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score: 5.5
Base Score: 5.5
Environmental Score: 5.5
Impact SubScore: 3.6
Temporal Score: 5.5
Exploitability SubScore: 1.8

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Security-Database Scoring CVSS v2

CVSS vector:
CVSS Base Score: N/A
CVSS Impact Score: N/A
CVSS Exploit Score: N/A
Attack Range: N/A
Attack Complexity: N/A
Authentication: N/A

Detail

In the Linux kernel, the following vulnerability has been resolved:

virtio/vsock: Fix accept_queue memory leak

As the final stages of socket destruction may be delayed, it is possible that virtio_transport_recv_listen() will be called after the accept_queue has been flushed, but before the SOCK_DONE flag has been set. As a result, sockets enqueued after the flush would remain unremoved, leading to a memory leak.

vsock_release
  __vsock_release
    lock
    virtio_transport_release
      virtio_transport_close
        schedule_delayed_work(close_work)
    sk_shutdown = SHUTDOWN_MASK
(!) flush accept_queue
    release
                                        virtio_transport_recv_pkt
                                          vsock_find_bound_socket
                                          lock
                                          if flag(SOCK_DONE) return
                                          virtio_transport_recv_listen
                                            child = vsock_create_connected
                                      (!)   vsock_enqueue_accept(child)
                                          release
close_work
  lock
  virtio_transport_do_close
    set_flag(SOCK_DONE)
    virtio_transport_remove_sock
      vsock_remove_sock
        vsock_remove_bound
  release

Introduce a sk_shutdown check to disallow vsock_enqueue_accept() during socket destruction.

unreferenced object 0xffff888109e3f800 (size 2040):
comm "kworker/5:2", pid 371, jiffies 4294940105
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00 (..@............
backtrace (crc 9e5f4e84):
[] kmem_cache_alloc_noprof+0x2c1/0x360
[] sk_prot_alloc+0x30/0x120
[] sk_alloc+0x2c/0x4b0
[] __vsock_create.constprop.0+0x2a/0x310
[] virtio_transport_recv_pkt+0x4dc/0x9a0
[] vsock_loopback_work+0xfd/0x140
[] process_one_work+0x20c/0x570
[] worker_thread+0x1bf/0x3a0
[] kthread+0xdd/0x110
[] ret_from_fork+0x2d/0x50
[] ret_from_fork_asm+0x1a/0x30
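
The interleaving described above, replayed in a userspace C model as an added example (not the kernel's code and not the patch itself). struct listener, release_flush(), recv_listen() and the check_shutdown switch are hypothetical stand-ins, and placing the sk_shutdown test inside recv_listen() is an assumption of this model.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define SHUTDOWN_MASK 3 /* RCV_SHUTDOWN | SEND_SHUTDOWN */

struct child { struct child *next; };
/* Constructed stand-in for the listening socket; not the kernel's struct sock. */
struct listener { int sk_shutdown; bool sock_done; struct child *accept_queue; };

static int live_children; /* children allocated and not yet freed */

/* Release path: set sk_shutdown, then flush the accept queue exactly once. */
static void release_flush(struct listener *l) {
    l->sk_shutdown = SHUTDOWN_MASK;
    while (l->accept_queue) {
        struct child *c = l->accept_queue;
        l->accept_queue = c->next;
        free(c);
        live_children--;
    }
}

/* Receive path: 0 if a child was enqueued, -1 if the request was rejected.
 * check_shutdown=false models the pre-fix guard (SOCK_DONE only). */
static int recv_listen(struct listener *l, bool check_shutdown) {
    if (l->sock_done) return -1;
    if (check_shutdown && l->sk_shutdown == SHUTDOWN_MASK) return -1;
    struct child *c = malloc(sizeof *c);
    if (!c) return -1;
    c->next = l->accept_queue;
    l->accept_queue = c;
    live_children++;
    return 0;
}

/* Replays the race window; returns how many children nobody will ever free. */
static int leaked_after_race(bool check_shutdown) {
    struct listener l = {0};
    live_children = 0;
    recv_listen(&l, check_shutdown); /* connection queued before close */
    release_flush(&l);               /* sk_shutdown set, queue flushed */
    recv_listen(&l, check_shutdown); /* late request, SOCK_DONE not yet set */
    l.sock_done = true;              /* close_work runs; no second flush */
    return live_children;
}

int main(void) {
    printf("leaked before fix: %d, after fix: %d\n",
           leaked_after_race(false), leaked_after_race(true));
    return 0;
}
```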

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')

CPE : Common Platform Enumeration

Type         Description  Count
Application               8
Os                        3689

Sources (Detail)

https://git.kernel.org/stable/c/2415345042245de7601dcc6eafdbe3a3dcc9e379
https://git.kernel.org/stable/c/4310902c766e371359e6c6311056ae80b5beeac9
https://git.kernel.org/stable/c/897617a413e0bf1c6380e3b34b2f28f450508549
https://git.kernel.org/stable/c/946c7600fa2207cc8d3fbc86a518ec56f98a5813
https://git.kernel.org/stable/c/d7b0ff5a866724c3ad21f2628c22a63336deec3f
https://git.kernel.org/stable/c/e26fa236758e8baa61a82cfd9fd4388d2e8d6a4c

Alert History

Date Information
2025-03-29 03:43:40
  • Multiple Updates
2025-03-28 13:47:08
  • Multiple Updates
2025-03-28 03:21:26
  • Multiple Updates
2025-03-19 03:16:29
  • Multiple Updates
2025-03-18 03:29:28
  • Multiple Updates
2025-03-14 03:16:38
  • Multiple Updates
2025-03-06 14:13:11
  • Multiple Updates
2025-02-22 03:26:42
  • Multiple Updates
2025-01-08 03:07:35
  • Multiple Updates
2025-01-07 03:07:08
  • Multiple Updates
2024-12-25 00:20:32
  • Multiple Updates
2024-12-24 21:20:32
  • Multiple Updates
2024-12-20 00:20:33
  • Multiple Updates
2024-12-12 00:20:39
  • Multiple Updates
2024-12-02 17:20:29
  • First insertion