GHSA-25V2-V763-X228

Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2025-11-04 00:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

io_uring/sqpoll: work around a potential audit memory leak

kmemleak complains that there's a memory leak related to connect handling:

unreferenced object 0xffff0001093bdf00 (size 128): comm "iou-sqp-455", pid 457, jiffies 4294894164 hex dump (first 32 bytes): 02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 2e481b1a): [<00000000c0a26af4>] kmemleak_alloc+0x30/0x38 [<000000009c30bb45>] kmalloc_trace+0x228/0x358 [<000000009da9d39f>] __audit_sockaddr+0xd0/0x138 [<0000000089a93e34>] move_addr_to_kernel+0x1a0/0x1f8 [<000000000b4e80e6>] io_connect_prep+0x1ec/0x2d4 [<00000000abfbcd99>] io_submit_sqes+0x588/0x1e48 [<00000000e7c25e07>] io_sq_thread+0x8a4/0x10e4 [<00000000d999b491>] ret_from_fork+0x10/0x20

which can can happen if:

1) The command type does something on the prep side that triggers an audit call. 2) The thread hasn't done any operations before this that triggered an audit call inside ->issue(), where we have audit_uring_entry() and audit_uring_exit().

Work around this by issuing a blanket NOP operation before the SQPOLL does anything.

Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-41001"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-12T13:15:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/sqpoll: work around a potential audit memory leak\n\nkmemleak complains that there\u0027s a memory leak related to connect\nhandling:\n\nunreferenced object 0xffff0001093bdf00 (size 128):\ncomm \"iou-sqp-455\", pid 457, jiffies 4294894164\nhex dump (first 32 bytes):\n02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00  ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\nbacktrace (crc 2e481b1a):\n[\u003c00000000c0a26af4\u003e] kmemleak_alloc+0x30/0x38\n[\u003c000000009c30bb45\u003e] kmalloc_trace+0x228/0x358\n[\u003c000000009da9d39f\u003e] __audit_sockaddr+0xd0/0x138\n[\u003c0000000089a93e34\u003e] move_addr_to_kernel+0x1a0/0x1f8\n[\u003c000000000b4e80e6\u003e] io_connect_prep+0x1ec/0x2d4\n[\u003c00000000abfbcd99\u003e] io_submit_sqes+0x588/0x1e48\n[\u003c00000000e7c25e07\u003e] io_sq_thread+0x8a4/0x10e4\n[\u003c00000000d999b491\u003e] ret_from_fork+0x10/0x20\n\nwhich can can happen if:\n\n1) The command type does something on the prep side that triggers an\n   audit call.\n2) The thread hasn\u0027t done any operations before this that triggered\n   an audit call inside -\u003eissue(), where we have audit_uring_entry()\n   and audit_uring_exit().\n\nWork around this by issuing a blanket NOP operation before the SQPOLL\ndoes anything.",
  "id": "GHSA-25v2-v763-x228",
  "modified": "2025-11-04T00:30:57Z",
  "published": "2024-07-12T15:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41001"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/55c22375cbaa24f77dd13f9ae0642915444a1227"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9e810bd995823786ea30543e480e8a573e5e5667"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a40e90d9304629002fb17200f7779823a81191d3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c4ce0ab27646f4206a9eb502d6fe45cb080e1cae"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.