{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53118", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:24.994Z", "datePublished": "2024-12-02T13:44:49.658Z", "dateUpdated": "2024-12-19T09:39:35.804Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:39:35.804Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix sk_error_queue memory leak\n\nKernel queues MSG_ZEROCOPY completion notifications on the error queue.\nWhere they remain, until explicitly recv()ed. To prevent memory leaks,\nclean up the queue when the socket is destroyed.\n\nunreferenced object 0xffff8881028beb00 (size 224):\n comm \"vsock_test\", pid 1218, jiffies 4294694897\n hex dump (first 32 bytes):\n 90 b0 21 17 81 88 ff ff 90 b0 21 17 81 88 ff ff ..!.......!.....\n 00 00 00 00 00 00 00 00 00 b0 21 17 81 88 ff ff ..........!.....\n backtrace (crc 6c7031ca):\n [<ffffffff81418ef7>] kmem_cache_alloc_node_noprof+0x2f7/0x370\n [<ffffffff81d35882>] __alloc_skb+0x132/0x180\n [<ffffffff81d2d32b>] sock_omalloc+0x4b/0x80\n [<ffffffff81d3a8ae>] msg_zerocopy_realloc+0x9e/0x240\n [<ffffffff81fe5cb2>] virtio_transport_send_pkt_info+0x412/0x4c0\n [<ffffffff81fe6183>] virtio_transport_stream_enqueue+0x43/0x50\n [<ffffffff81fe0813>] vsock_connectible_sendmsg+0x373/0x450\n [<ffffffff81d233d5>] ____sys_sendmsg+0x365/0x3a0\n [<ffffffff81d246f4>] ___sys_sendmsg+0x84/0xd0\n [<ffffffff81d26f47>] __sys_sendmsg+0x47/0x80\n [<ffffffff820d3df3>] do_syscall_64+0x93/0x180\n [<ffffffff8220012b>] entry_SYSCALL_64_after_hwframe+0x76/0x7e"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/vmw_vsock/af_vsock.c"], "versions": [{"version": "581512a6dc939ef122e49336626ae159f3b8a345", "lessThan": "bea4779a45f49275b1e1b1bd9de03cd3727244d8", "status": "affected", "versionType": "git"}, {"version": "581512a6dc939ef122e49336626ae159f3b8a345", "lessThan": "fbf7085b3ad1c7cc0677834c90f985f1b4f77a33", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/vmw_vsock/af_vsock.c"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.10", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/bea4779a45f49275b1e1b1bd9de03cd3727244d8"}, {"url": "https://git.kernel.org/stable/c/fbf7085b3ad1c7cc0677834c90f985f1b4f77a33"}], "title": "vsock: Fix sk_error_queue memory leak", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C256F46A-AFDD-4B99-AA4F-67D9D9D2C55A", "versionEndExcluding": "6.11.10", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*", "matchCriteriaId": "1EF8CD82-1EAE-4254-9545-F85AB94CF90F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix sk_error_queue memory leak\n\nKernel queues MSG_ZEROCOPY completion notifications on the error queue.\nWhere they remain, until explicitly recv()ed. To prevent memory leaks,\nclean up the queue when the socket is destroyed.\n\nunreferenced object 0xffff8881028beb00 (size 224):\n comm \"vsock_test\", pid 1218, jiffies 4294694897\n hex dump (first 32 bytes):\n 90 b0 21 17 81 88 ff ff 90 b0 21 17 81 88 ff ff ..!.......!.....\n 00 00 00 00 00 00 00 00 00 b0 21 17 81 88 ff ff ..........!.....\n backtrace (crc 6c7031ca):\n [<ffffffff81418ef7>] kmem_cache_alloc_node_noprof+0x2f7/0x370\n [<ffffffff81d35882>] __alloc_skb+0x132/0x180\n [<ffffffff81d2d32b>] sock_omalloc+0x4b/0x80\n [<ffffffff81d3a8ae>] msg_zerocopy_realloc+0x9e/0x240\n [<ffffffff81fe5cb2>] virtio_transport_send_pkt_info+0x412/0x4c0\n [<ffffffff81fe6183>] virtio_transport_stream_enqueue+0x43/0x50\n [<ffffffff81fe0813>] vsock_connectible_sendmsg+0x373/0x450\n [<ffffffff81d233d5>] ____sys_sendmsg+0x365/0x3a0\n [<ffffffff81d246f4>] ___sys_sendmsg+0x84/0xd0\n [<ffffffff81d26f47>] __sys_sendmsg+0x47/0x80\n [<ffffffff820d3df3>] do_syscall_64+0x93/0x180\n [<ffffffff8220012b>] entry_SYSCALL_64_after_hwframe+0x76/0x7e"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vsock: se corrige la p\u00e9rdida de memoria sk_error_queue. El kernel coloca en cola las notificaciones de finalizaci\u00f3n MSG_ZEROCOPY en la cola de errores, donde permanecen hasta que se recv()en forma expl\u00edcita. Para evitar p\u00e9rdidas de memoria, limpie la cola cuando se destruya el socket. objeto sin referencia 0xffff8881028beb00 (tama\u00f1o 224): comm \"vsock_test\", pid 1218, jiffies 4294694897 volcado hexadecimal (primeros 32 bytes): 90 b0 21 17 81 88 ff ff 90 b0 21 17 81 88 ff ff ..!.......!..... 00 00 00 00 00 00 00 00 00 b0 21 17 81 88 ff ff ..........!..... backtrace (crc 6c7031ca): [] kmem_cache_alloc_node_noprof+0x2f7/0x370 [] __alloc_skb+0x132/0x180 [] sock_omalloc+0x4b/0x80 [] msg_zerocopy_realloc+0x9e/0x240 [] virtio_transport_send_pkt_info+0x412/0x4c0 [] virtio_transport_stream_enqueue+0x43/0x50 [] vsock_connectible_sendmsg+0x373/0x450 [] ____sys_sendmsg+0x365/0x3a0 [] ___sys_sendmsg+0x84/0xd0 [] __sys_sendmsg+0x47/0x80 [] do_syscall_64+0x93/0x180 [] entry_SYSCALL_64_after_hwframe+0x76/0x7e"}], "id": "CVE-2024-53118", "lastModified": "2024-12-11T20:52:52.993", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-12-02T14:15:12.567", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bea4779a45f49275b1e1b1bd9de03cd3727244d8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fbf7085b3ad1c7cc0677834c90f985f1b4f77a33"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: vsock: Fix sk_error_queue memory leak", "id": "2329919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329919"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nvsock: Fix sk_error_queue memory leak\nKernel queues MSG_ZEROCOPY completion notifications on the error queue.\nWhere they remain, until explicitly recv()ed. To prevent memory leaks,\nclean up the queue when the socket is destroyed.\nunreferenced object 0xffff8881028beb00 (size 224):\ncomm \"vsock_test\", pid 1218, jiffies 4294694897\nhex dump (first 32 bytes):\n90 b0 21 17 81 88 ff ff 90 b0 21 17 81 88 ff ff ..!.......!.....\n00 00 00 00 00 00 00 00 00 b0 21 17 81 88 ff ff ..........!.....\nbacktrace (crc 6c7031ca):\n[<ffffffff81418ef7>] kmem_cache_alloc_node_noprof+0x2f7/0x370\n[<ffffffff81d35882>] __alloc_skb+0x132/0x180\n[<ffffffff81d2d32b>] sock_omalloc+0x4b/0x80\n[<ffffffff81d3a8ae>] msg_zerocopy_realloc+0x9e/0x240\n[<ffffffff81fe5cb2>] virtio_transport_send_pkt_info+0x412/0x4c0\n[<ffffffff81fe6183>] virtio_transport_stream_enqueue+0x43/0x50\n[<ffffffff81fe0813>] vsock_connectible_sendmsg+0x373/0x450\n[<ffffffff81d233d5>] ____sys_sendmsg+0x365/0x3a0\n[<ffffffff81d246f4>] ___sys_sendmsg+0x84/0xd0\n[<ffffffff81d26f47>] __sys_sendmsg+0x47/0x80\n[<ffffffff820d3df3>] do_syscall_64+0x93/0x180\n[<ffffffff8220012b>] entry_SYSCALL_64_after_hwframe+0x76/0x7e"], "name": "CVE-2024-53118", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53118\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53118\nhttps://lore.kernel.org/linux-cve-announce/2024120251-CVE-2024-53118-c6d7@gregkh/T"], "threat_severity": "Moderate"}