{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47024", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-27T18:42:55.960Z", "datePublished": "2024-02-28T08:13:36.489Z", "dateUpdated": "2024-11-04T11:57:56.413Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T11:57:56.413Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: free queued packets when closing socket\n\nAs reported by syzbot [1], there is a memory leak while closing the\nsocket. We partially solved this issue with commit ac03046ece2b\n(\"vsock/virtio: free packets during the socket release\"), but we\nforgot to drain the RX queue when the socket is definitely closed by\nthe scheduled work.\n\nTo avoid future issues, let's use the new virtio_transport_remove_sock()\nto drain the RX queue before removing the socket from the af_vsock lists\ncalling vsock_remove_sock().\n\n[1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/vmw_vsock/virtio_transport_common.c"], "versions": [{"version": "ac03046ece2b", "lessThan": "b605673b523f", "status": "affected", "versionType": "git"}, {"version": "ac03046ece2b", "lessThan": "27691665145e", "status": "affected", "versionType": "git"}, {"version": "ac03046ece2b", "lessThan": "37c38674ef2f", "status": "affected", "versionType": "git"}, {"version": "ac03046ece2b", "lessThan": "8432b8114957", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/vmw_vsock/virtio_transport_common.c"], "versions": [{"version": "5.2", "status": "affected"}, {"version": "0", "lessThan": "5.2", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.37", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.21", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.4", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b605673b523fe33abeafb2136759bcbc9c1e6ebf"}, {"url": "https://git.kernel.org/stable/c/27691665145e74a45034a9dccf1150cf1894763a"}, {"url": "https://git.kernel.org/stable/c/37c38674ef2f8d7e8629e5d433c37d6c1273d16b"}, {"url": "https://git.kernel.org/stable/c/8432b8114957235f42e070a16118a7f750de9d39"}], "title": "vsock/virtio: free queued packets when closing socket", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47024", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T18:00:51.887353Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:13:23.950Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.600Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b605673b523fe33abeafb2136759bcbc9c1e6ebf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/27691665145e74a45034a9dccf1150cf1894763a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/37c38674ef2f8d7e8629e5d433c37d6c1273d16b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8432b8114957235f42e070a16118a7f750de9d39", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b605673b523fe33abeafb2136759bcbc9c1e6ebf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/27691665145e74a45034a9dccf1150cf1894763a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/37c38674ef2f8d7e8629e5d433c37d6c1273d16b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8432b8114957235f42e070a16118a7f750de9d39", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.600Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47024", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T18:00:51.887353Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:15.506Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "vsock/virtio: free queued packets when closing socket", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "ac03046ece2b", "lessThan": "b605673b523f", "versionType": "git"}, {"status": "affected", "version": "ac03046ece2b", "lessThan": "27691665145e", "versionType": "git"}, {"status": "affected", "version": "ac03046ece2b", "lessThan": "37c38674ef2f", "versionType": "git"}, {"status": "affected", "version": "ac03046ece2b", "lessThan": "8432b8114957", "versionType": "git"}], "programFiles": ["net/vmw_vsock/virtio_transport_common.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.2"}, {"status": "unaffected", "version": "0", "lessThan": "5.2", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.37", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.21", "versionType": "semver", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.4", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/vmw_vsock/virtio_transport_common.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b605673b523fe33abeafb2136759bcbc9c1e6ebf"}, {"url": "https://git.kernel.org/stable/c/27691665145e74a45034a9dccf1150cf1894763a"}, {"url": "https://git.kernel.org/stable/c/37c38674ef2f8d7e8629e5d433c37d6c1273d16b"}, {"url": "https://git.kernel.org/stable/c/8432b8114957235f42e070a16118a7f750de9d39"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: free queued packets when closing socket\n\nAs reported by syzbot [1], there is a memory leak while closing the\nsocket. We partially solved this issue with commit ac03046ece2b\n(\"vsock/virtio: free packets during the socket release\"), but we\nforgot to drain the RX queue when the socket is definitely closed by\nthe scheduled work.\n\nTo avoid future issues, let's use the new virtio_transport_remove_sock()\nto drain the RX queue before removing the socket from the af_vsock lists\ncalling vsock_remove_sock().\n\n[1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T11:57:56.413Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47024", "state": "PUBLISHED", "dateUpdated": "2024-11-04T11:57:56.413Z", "dateReserved": "2024-02-27T18:42:55.960Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-28T08:13:36.489Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: free queued packets when closing socket\n\nAs reported by syzbot [1], there is a memory leak while closing the\nsocket. We partially solved this issue with commit ac03046ece2b\n(\"vsock/virtio: free packets during the socket release\"), but we\nforgot to drain the RX queue when the socket is definitely closed by\nthe scheduled work.\n\nTo avoid future issues, let's use the new virtio_transport_remove_sock()\nto drain the RX queue before removing the socket from the af_vsock lists\ncalling vsock_remove_sock().\n\n[1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9"}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: vsock/virtio: paquetes libres en cola al cerrar el socket Seg\u00fan lo informado por syzbot [1], hay una p\u00e9rdida de memoria al cerrar el socket. Resolvimos parcialmente este problema con el compromiso ac03046ece2b (\"vsock/virtio: paquetes libres durante el lanzamiento del socket\"), pero nos olvidamos de vaciar la cola RX cuando el trabajo programado cierra definitivamente el socket. Para evitar problemas futuros, usemos el nuevo virtio_transport_remove_sock() para drenar la cola RX antes de eliminar el socket de las listas af_vsock llamando a vsock_remove_sock(). [1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9"}], "id": "CVE-2021-47024", "lastModified": "2024-02-28T14:06:45.783", "metrics": {}, "published": "2024-02-28T09:15:39.243", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/27691665145e74a45034a9dccf1150cf1894763a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/37c38674ef2f8d7e8629e5d433c37d6c1273d16b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8432b8114957235f42e070a16118a7f750de9d39"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b605673b523fe33abeafb2136759bcbc9c1e6ebf"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: vsock/virtio: free queued packets when closing socket", "id": "2266967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266967"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-402", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nvsock/virtio: free queued packets when closing socket\nAs reported by syzbot [1], there is a memory leak while closing the\nsocket. We partially solved this issue with commit ac03046ece2b\n(\"vsock/virtio: free packets during the socket release\"), but we\nforgot to drain the RX queue when the socket is definitely closed by\nthe scheduled work.\nTo avoid future issues, let's use the new virtio_transport_remove_sock()\nto drain the RX queue before removing the socket from the af_vsock lists\ncalling vsock_remove_sock().\n[1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9"], "name": "CVE-2021-47024", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47024\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47024\nhttps://lore.kernel.org/linux-cve-announce/2024022833-CVE-2021-47024-c116@gregkh/T/#u"], "threat_severity": "Low", "upstream_fix": "kernel 5.10.37, kernel 5.11.21, kernel 5.12.4, kernel 5.13"}