CVE-2024-53119 (GCVE-0-2024-53119)

Vulnerability from cvelistv5 – Published: 2024-12-02 13:44 – Updated: 2025-11-03 22:29
VLAI?
Title
virtio/vsock: Fix accept_queue memory leak
Summary
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix accept_queue memory leak As the final stages of socket destruction may be delayed, it is possible that virtio_transport_recv_listen() will be called after the accept_queue has been flushed, but before the SOCK_DONE flag has been set. As a result, sockets enqueued after the flush would remain unremoved, leading to a memory leak. vsock_release __vsock_release lock virtio_transport_release virtio_transport_close schedule_delayed_work(close_work) sk_shutdown = SHUTDOWN_MASK (!) flush accept_queue release virtio_transport_recv_pkt vsock_find_bound_socket lock if flag(SOCK_DONE) return virtio_transport_recv_listen child = vsock_create_connected (!) vsock_enqueue_accept(child) release close_work lock virtio_transport_do_close set_flag(SOCK_DONE) virtio_transport_remove_sock vsock_remove_sock vsock_remove_bound release Introduce a sk_shutdown check to disallow vsock_enqueue_accept() during socket destruction. unreferenced object 0xffff888109e3f800 (size 2040): comm "kworker/5:2", pid 371, jiffies 4294940105 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00 (..@............ backtrace (crc 9e5f4e84): [<ffffffff81418ff1>] kmem_cache_alloc_noprof+0x2c1/0x360 [<ffffffff81d27aa0>] sk_prot_alloc+0x30/0x120 [<ffffffff81d2b54c>] sk_alloc+0x2c/0x4b0 [<ffffffff81fe049a>] __vsock_create.constprop.0+0x2a/0x310 [<ffffffff81fe6d6c>] virtio_transport_recv_pkt+0x4dc/0x9a0 [<ffffffff81fe745d>] vsock_loopback_work+0xfd/0x140 [<ffffffff810fc6ac>] process_one_work+0x20c/0x570 [<ffffffff810fce3f>] worker_thread+0x1bf/0x3a0 [<ffffffff811070dd>] kthread+0xdd/0x110 [<ffffffff81044fdd>] ret_from_fork+0x2d/0x50 [<ffffffff8100785a>] ret_from_fork_asm+0x1a/0x30
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 3fe356d58efae54dade9ec94ea7c919ed20cf4db , < e26fa236758e8baa61a82cfd9fd4388d2e8d6a4c (git)
Affected: 3fe356d58efae54dade9ec94ea7c919ed20cf4db , < 4310902c766e371359e6c6311056ae80b5beeac9 (git)
Affected: 3fe356d58efae54dade9ec94ea7c919ed20cf4db , < 946c7600fa2207cc8d3fbc86a518ec56f98a5813 (git)
Affected: 3fe356d58efae54dade9ec94ea7c919ed20cf4db , < 897617a413e0bf1c6380e3b34b2f28f450508549 (git)
Affected: 3fe356d58efae54dade9ec94ea7c919ed20cf4db , < 2415345042245de7601dcc6eafdbe3a3dcc9e379 (git)
Affected: 3fe356d58efae54dade9ec94ea7c919ed20cf4db , < d7b0ff5a866724c3ad21f2628c22a63336deec3f (git)
Affected: 2e7dd95046203bd05e8f4dc06ee53cace70a8e3c (git)
Create a notification for this product.
    Linux Linux Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.10.232 , ≤ 5.10.* (semver)
Unaffected: 5.15.175 , ≤ 5.15.* (semver)
Unaffected: 6.1.119 , ≤ 6.1.* (semver)
Unaffected: 6.6.63 , ≤ 6.6.* (semver)
Unaffected: 6.11.10 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:29:24.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/vmw_vsock/virtio_transport_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e26fa236758e8baa61a82cfd9fd4388d2e8d6a4c",
              "status": "affected",
              "version": "3fe356d58efae54dade9ec94ea7c919ed20cf4db",
              "versionType": "git"
            },
            {
              "lessThan": "4310902c766e371359e6c6311056ae80b5beeac9",
              "status": "affected",
              "version": "3fe356d58efae54dade9ec94ea7c919ed20cf4db",
              "versionType": "git"
            },
            {
              "lessThan": "946c7600fa2207cc8d3fbc86a518ec56f98a5813",
              "status": "affected",
              "version": "3fe356d58efae54dade9ec94ea7c919ed20cf4db",
              "versionType": "git"
            },
            {
              "lessThan": "897617a413e0bf1c6380e3b34b2f28f450508549",
              "status": "affected",
              "version": "3fe356d58efae54dade9ec94ea7c919ed20cf4db",
              "versionType": "git"
            },
            {
              "lessThan": "2415345042245de7601dcc6eafdbe3a3dcc9e379",
              "status": "affected",
              "version": "3fe356d58efae54dade9ec94ea7c919ed20cf4db",
              "versionType": "git"
            },
            {
              "lessThan": "d7b0ff5a866724c3ad21f2628c22a63336deec3f",
              "status": "affected",
              "version": "3fe356d58efae54dade9ec94ea7c919ed20cf4db",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "2e7dd95046203bd05e8f4dc06ee53cace70a8e3c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/vmw_vsock/virtio_transport_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.232",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.175",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.232",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.175",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.119",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.63",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.10",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.9.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio/vsock: Fix accept_queue memory leak\n\nAs the final stages of socket destruction may be delayed, it is possible\nthat virtio_transport_recv_listen() will be called after the accept_queue\nhas been flushed, but before the SOCK_DONE flag has been set. As a result,\nsockets enqueued after the flush would remain unremoved, leading to a\nmemory leak.\n\nvsock_release\n  __vsock_release\n    lock\n    virtio_transport_release\n      virtio_transport_close\n        schedule_delayed_work(close_work)\n    sk_shutdown = SHUTDOWN_MASK\n(!) flush accept_queue\n    release\n                                        virtio_transport_recv_pkt\n                                          vsock_find_bound_socket\n                                          lock\n                                          if flag(SOCK_DONE) return\n                                          virtio_transport_recv_listen\n                                            child = vsock_create_connected\n                                      (!)   vsock_enqueue_accept(child)\n                                          release\nclose_work\n  lock\n  virtio_transport_do_close\n    set_flag(SOCK_DONE)\n    virtio_transport_remove_sock\n      vsock_remove_sock\n        vsock_remove_bound\n  release\n\nIntroduce a sk_shutdown check to disallow vsock_enqueue_accept() during\nsocket destruction.\n\nunreferenced object 0xffff888109e3f800 (size 2040):\n  comm \"kworker/5:2\", pid 371, jiffies 4294940105\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00  (..@............\n  backtrace (crc 9e5f4e84):\n    [\u003cffffffff81418ff1\u003e] kmem_cache_alloc_noprof+0x2c1/0x360\n    [\u003cffffffff81d27aa0\u003e] sk_prot_alloc+0x30/0x120\n    [\u003cffffffff81d2b54c\u003e] sk_alloc+0x2c/0x4b0\n    [\u003cffffffff81fe049a\u003e] __vsock_create.constprop.0+0x2a/0x310\n    [\u003cffffffff81fe6d6c\u003e] virtio_transport_recv_pkt+0x4dc/0x9a0\n    [\u003cffffffff81fe745d\u003e] vsock_loopback_work+0xfd/0x140\n    [\u003cffffffff810fc6ac\u003e] process_one_work+0x20c/0x570\n    [\u003cffffffff810fce3f\u003e] worker_thread+0x1bf/0x3a0\n    [\u003cffffffff811070dd\u003e] kthread+0xdd/0x110\n    [\u003cffffffff81044fdd\u003e] ret_from_fork+0x2d/0x50\n    [\u003cffffffff8100785a\u003e] ret_from_fork_asm+0x1a/0x30"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:00:27.334Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e26fa236758e8baa61a82cfd9fd4388d2e8d6a4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/4310902c766e371359e6c6311056ae80b5beeac9"
        },
        {
          "url": "https://git.kernel.org/stable/c/946c7600fa2207cc8d3fbc86a518ec56f98a5813"
        },
        {
          "url": "https://git.kernel.org/stable/c/897617a413e0bf1c6380e3b34b2f28f450508549"
        },
        {
          "url": "https://git.kernel.org/stable/c/2415345042245de7601dcc6eafdbe3a3dcc9e379"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7b0ff5a866724c3ad21f2628c22a63336deec3f"
        }
      ],
      "title": "virtio/vsock: Fix accept_queue memory leak",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53119",
    "datePublished": "2024-12-02T13:44:50.438Z",
    "dateReserved": "2024-11-19T17:17:24.994Z",
    "dateUpdated": "2025-11-03T22:29:24.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.