CVE-2024-53119— virtio/vsock: Fix accept_queue memory leak
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-53119
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
virtio/vsock: Fix accept_queue memory leak
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix accept_queue memory leak As the final stages of socket destruction may be delayed, it is possible that virtio_transport_recv_listen() will be called after the accept_queue has been flushed, but before the SOCK_DONE flag has been set. As a result, sockets enqueued after the flush would remain unremoved, leading to a memory leak. vsock_release __vsock_release lock virtio_transport_release virtio_transport_close schedule_delayed_work(close_work) sk_shutdown = SHUTDOWN_MASK (!) flush accept_queue release virtio_transport_recv_pkt vsock_find_bound_socket lock if flag(SOCK_DONE) return virtio_transport_recv_listen child = vsock_create_connected (!) vsock_enqueue_accept(child) release close_work lock virtio_transport_do_close set_flag(SOCK_DONE) virtio_transport_remove_sock vsock_remove_sock vsock_remove_bound release Introduce a sk_shutdown check to disallow vsock_enqueue_accept() during socket destruction. unreferenced object 0xffff888109e3f800 (size 2040): comm "kworker/5:2", pid 371, jiffies 4294940105 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00 (..@............ backtrace (crc 9e5f4e84): [<ffffffff81418ff1>] kmem_cache_alloc_noprof+0x2c1/0x360 [<ffffffff81d27aa0>] sk_prot_alloc+0x30/0x120 [<ffffffff81d2b54c>] sk_alloc+0x2c/0x4b0 [<ffffffff81fe049a>] __vsock_create.constprop.0+0x2a/0x310 [<ffffffff81fe6d6c>] virtio_transport_recv_pkt+0x4dc/0x9a0 [<ffffffff81fe745d>] vsock_loopback_work+0xfd/0x140 [<ffffffff810fc6ac>] process_one_work+0x20c/0x570 [<ffffffff810fce3f>] worker_thread+0x1bf/0x3a0 [<ffffffff811070dd>] kthread+0xdd/0x110 [<ffffffff81044fdd>] ret_from_fork+0x2d/0x50 [<ffffffff8100785a>] ret_from_fork_asm+0x1a/0x30
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于virtio/vsock组件在接受队列内存泄漏问题,由于socket销毁的最后阶段可能被延迟,导致virtio_transport_recv_listen在accept_queue被清空后仍被调用,造成内存泄漏。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-53119
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-53119
请登录查看更多情报信息。
Same Patch Batch · Linux · 2024-12-02 · 22 CVEs total
| CVE-2024-53113 | mm: fix NULL pointer dereference in alloc_pages_bulk_noprof | |
| CVE-2024-53103 | hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer | |
| CVE-2024-53104 | media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format | |
| CVE-2024-53105 | mm: page_alloc: move mlocked flag clearance into free_pages_prepare() | |
| CVE-2024-53106 | ima: fix buffer overrun in ima_eventdigest_init_common | |
| CVE-2024-53107 | fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args() | |
| CVE-2024-53108 | drm/amd/display: Adjust VSDB parser for replay feature | |
| CVE-2024-53109 | nommu: pass NULL argument to vma_iter_prealloc() | |
| CVE-2024-53111 | mm/mremap: fix address wraparound in move_page_tables() | |
| CVE-2024-53110 | vp_vdpa: fix id_table array not null terminated error | |
| CVE-2024-53112 | ocfs2: uncache inode which has failed entering the group | |
| CVE-2024-53124 | net: fix data-races around sk->sk_forward_alloc | |
| CVE-2024-53114 | x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client | |
| CVE-2024-53115 | drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle | |
| CVE-2024-53116 | drm/panthor: Fix handling of partial GPU mapping of BOs | |
| CVE-2024-53117 | virtio/vsock: Improve MSG_ZEROCOPY error handling | |
| CVE-2024-53118 | vsock: Fix sk_error_queue memory leak | |
| CVE-2024-53120 | net/mlx5e: CT: Fix null-ptr-deref in add rule err flow | |
| CVE-2024-53121 | net/mlx5: fs, lock FTE when checking if active | |
| CVE-2024-53122 | mptcp: cope racing subflow creation in mptcp_rcv_space_adjust |
Showing top 20 of 22 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2024-53119
No comments yet