{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41023", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.615Z", "datePublished": "2024-07-29T14:31:40.439Z", "dateUpdated": "2024-11-05T09:35:10.815Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:35:10.815Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix task_struct reference leak\n\nDuring the execution of the following stress test with linux-rt:\n\nstress-ng --cyclic 30 --timeout 30 --minimize --quiet\n\nkmemleak frequently reported a memory leak concerning the task_struct:\n\nunreferenced object 0xffff8881305b8000 (size 16136):\n comm \"stress-ng\", pid 614, jiffies 4294883961 (age 286.412s)\n object hex dump (first 32 bytes):\n 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@..............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n debug hex dump (first 16 bytes):\n 53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S...............\n backtrace:\n [<00000000046b6790>] dup_task_struct+0x30/0x540\n [<00000000c5ca0f0b>] copy_process+0x3d9/0x50e0\n [<00000000ced59777>] kernel_clone+0xb0/0x770\n [<00000000a50befdc>] __do_sys_clone+0xb6/0xf0\n [<000000001dbf2008>] do_syscall_64+0x5d/0xf0\n [<00000000552900ff>] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThe issue occurs in start_dl_timer(), which increments the task_struct\nreference count and sets a timer. The timer callback, dl_task_timer,\nis supposed to decrement the reference count upon expiration. However,\nif enqueue_task_dl() is called before the timer expires and cancels it,\nthe reference count is not decremented, leading to the leak.\n\nThis patch fixes the reference leak by ensuring the task_struct\nreference count is properly decremented when the timer is canceled."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/sched/deadline.c"], "versions": [{"version": "feff2e65efd8", "lessThan": "7a54d31face6", "status": "affected", "versionType": "git"}, {"version": "feff2e65efd8", "lessThan": "b58652db66c9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/sched/deadline.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.10", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4"}, {"url": "https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9"}], "title": "sched/deadline: Fix task_struct reference leak", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.070Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41023", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:24:19.073103Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:04.883Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.070Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41023", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:24:19.073103Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:20.532Z"}}], "cna": {"title": "sched/deadline: Fix task_struct reference leak", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "feff2e65efd8", "lessThan": "7a54d31face6", "versionType": "git"}, {"status": "affected", "version": "feff2e65efd8", "lessThan": "b58652db66c9", "versionType": "git"}], "programFiles": ["kernel/sched/deadline.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10"}, {"status": "unaffected", "version": "0", "lessThan": "5.10", "versionType": "custom"}, {"status": "unaffected", "version": "6.9.10", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["kernel/sched/deadline.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4"}, {"url": "https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix task_struct reference leak\n\nDuring the execution of the following stress test with linux-rt:\n\nstress-ng --cyclic 30 --timeout 30 --minimize --quiet\n\nkmemleak frequently reported a memory leak concerning the task_struct:\n\nunreferenced object 0xffff8881305b8000 (size 16136):\n comm \"stress-ng\", pid 614, jiffies 4294883961 (age 286.412s)\n object hex dump (first 32 bytes):\n 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@..............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n debug hex dump (first 16 bytes):\n 53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S...............\n backtrace:\n [<00000000046b6790>] dup_task_struct+0x30/0x540\n [<00000000c5ca0f0b>] copy_process+0x3d9/0x50e0\n [<00000000ced59777>] kernel_clone+0xb0/0x770\n [<00000000a50befdc>] __do_sys_clone+0xb6/0xf0\n [<000000001dbf2008>] do_syscall_64+0x5d/0xf0\n [<00000000552900ff>] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThe issue occurs in start_dl_timer(), which increments the task_struct\nreference count and sets a timer. The timer callback, dl_task_timer,\nis supposed to decrement the reference count upon expiration. However,\nif enqueue_task_dl() is called before the timer expires and cancels it,\nthe reference count is not decremented, leading to the leak.\n\nThis patch fixes the reference leak by ensuring the task_struct\nreference count is properly decremented when the timer is canceled."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T14:31:40.439Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41023", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:04.883Z", "dateReserved": "2024-07-12T12:17:45.615Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T14:31:40.439Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix task_struct reference leak\n\nDuring the execution of the following stress test with linux-rt:\n\nstress-ng --cyclic 30 --timeout 30 --minimize --quiet\n\nkmemleak frequently reported a memory leak concerning the task_struct:\n\nunreferenced object 0xffff8881305b8000 (size 16136):\n comm \"stress-ng\", pid 614, jiffies 4294883961 (age 286.412s)\n object hex dump (first 32 bytes):\n 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@..............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n debug hex dump (first 16 bytes):\n 53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S...............\n backtrace:\n [<00000000046b6790>] dup_task_struct+0x30/0x540\n [<00000000c5ca0f0b>] copy_process+0x3d9/0x50e0\n [<00000000ced59777>] kernel_clone+0xb0/0x770\n [<00000000a50befdc>] __do_sys_clone+0xb6/0xf0\n [<000000001dbf2008>] do_syscall_64+0x5d/0xf0\n [<00000000552900ff>] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThe issue occurs in start_dl_timer(), which increments the task_struct\nreference count and sets a timer. The timer callback, dl_task_timer,\nis supposed to decrement the reference count upon expiration. However,\nif enqueue_task_dl() is called before the timer expires and cancels it,\nthe reference count is not decremented, leading to the leak.\n\nThis patch fixes the reference leak by ensuring the task_struct\nreference count is properly decremented when the timer is canceled."}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: sched/deadline: Reparar fuga de referencia de task_struct Durante la ejecuci\u00f3n de la siguiente prueba de estr\u00e9s con linux-rt: estr\u00e9s-ng --ciclic 30 --timeout 30 --minimize --quiet kmemleak inform\u00f3 con frecuencia una p\u00e9rdida de memoria relacionada con task_struct: objeto sin referencia 0xffff8881305b8000 (tama\u00f1o 16136): comm \"stress-ng\", pid 614, jiffies 4294883961 (edad 286.412 s) volcado hexadecimal de objeto (primeros 32 bytes): 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@.............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ volcado hexadecimal de depuraci\u00f3n (primeros 16 bytes): 53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S............... rastreo inverso : [&lt;00000000046b6790&gt;] dup_task_struct+0x30/0x540 [&lt;00000000c5ca0f0b&gt;] copy_process+0x3d9/0x50e0 [&lt;00000000ced59777&gt;] kernel_clone+0xb0/0x770 [&lt;00000000a50befd c&gt;] __do_sys_clone+0xb6/0xf0 [&lt;000000001dbf2008&gt;] do_syscall_64+0x5d/ 0xf0 [&lt;00000000552900ff&gt;] Entry_SYSCALL_64_after_hwframe+0x6e/0x76 El problema ocurre en start_dl_timer(), que incrementa el recuento de referencias de task_struct y establece un temporizador. Se supone que la devoluci\u00f3n de llamada del temporizador, dl_task_timer, disminuye el recuento de referencia al expirar. Sin embargo, si se llama a enqueue_task_dl() antes de que expire el temporizador y lo cancela, el recuento de referencias no disminuye, lo que provoca la fuga. Este parche corrige la fuga de referencia al garantizar que el recuento de referencias de task_struct disminuya correctamente cuando se cancela el temporizador."}], "id": "CVE-2024-41023", "lastModified": "2024-11-21T09:32:05.223", "metrics": {}, "published": "2024-07-29T15:15:11.200", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6744", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.84.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6745", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.84.1.rt14.369.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:9546", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.44.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2024-11-13T00:00:00Z"}], "bugzilla": {"description": "kernel: sched/deadline: Fix task_struct reference leak", "id": "2300381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300381"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "status": "verified"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nsched/deadline: Fix task_struct reference leak\nDuring the execution of the following stress test with linux-rt:\nstress-ng --cyclic 30 --timeout 30 --minimize --quiet\nkmemleak frequently reported a memory leak concerning the task_struct:\nunreferenced object 0xffff8881305b8000 (size 16136):\ncomm \"stress-ng\", pid 614, jiffies 4294883961 (age 286.412s)\nobject hex dump (first 32 bytes):\n02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@..............\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\ndebug hex dump (first 16 bytes):\n53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S...............\nbacktrace:\n[<00000000046b6790>] dup_task_struct+0x30/0x540\n[<00000000c5ca0f0b>] copy_process+0x3d9/0x50e0\n[<00000000ced59777>] kernel_clone+0xb0/0x770\n[<00000000a50befdc>] __do_sys_clone+0xb6/0xf0\n[<000000001dbf2008>] do_syscall_64+0x5d/0xf0\n[<00000000552900ff>] entry_SYSCALL_64_after_hwframe+0x6e/0x76\nThe issue occurs in start_dl_timer(), which increments the task_struct\nreference count and sets a timer. The timer callback, dl_task_timer,\nis supposed to decrement the reference count upon expiration. However,\nif enqueue_task_dl() is called before the timer expires and cancels it,\nthe reference count is not decremented, leading to the leak.\nThis patch fixes the reference leak by ensuring the task_struct\nreference count is properly decremented when the timer is canceled."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-41023", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41023\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41023\nhttps://lore.kernel.org/linux-cve-announce/2024072917-CVE-2024-41023-32a0@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 6.9.10, kernel 6.10"}