CVE-2021-47024

Summary

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: free queued packets when closing socket

As reported by syzbot [1], there is a memory leak while closing the socket. We partially solved this issue with commit ac03046ece2b ("vsock/virtio: free packets during the socket release"), but we forgot to drain the RX queue when the socket is definitely closed by the scheduled work.

To avoid future issues, let's use the new virtio_transport_remove_sock() to drain the RX queue before removing the socket from the af_vsock lists calling vsock_remove_sock().

[1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxac03046ece2b158ebd204dfc4896fd9f39f0e6c8 < b605673b523fe33abeafb2136759bcbc9c1e6ebfaffected
LinuxLinuxac03046ece2b158ebd204dfc4896fd9f39f0e6c8 < 27691665145e74a45034a9dccf1150cf1894763aaffected
LinuxLinuxac03046ece2b158ebd204dfc4896fd9f39f0e6c8 < 37c38674ef2f8d7e8629e5d433c37d6c1273d16baffected
LinuxLinuxac03046ece2b158ebd204dfc4896fd9f39f0e6c8 < 8432b8114957235f42e070a16118a7f750de9d39affected
LinuxLinux4ea082cd3c400cd5bb36a7beb7e441bf3e29350daffected
LinuxLinux4e539fa2dec4db3405e47002f2878aa4a99eb68baffected
LinuxLinux4af8a327aeba102aaa9b78f3451f725bc590b237affected
LinuxLinux51adb8ebe8c1d80528fc2ea863cfea9d32d2c52baffected
LinuxLinux7d29c9ad0ed525c1b10e29cfca4fb1eece1e93fbaffected
LinuxLinux4.9.179 < 4.10affected
LinuxLinux4.14.122 < 4.15affected
LinuxLinux4.19.46 < 4.20affected
LinuxLinux5.0.19 < 5.1affected
LinuxLinux5.1.5 < 5.2affected
LinuxLinux5.2affected
LinuxLinux0 < 5.2unaffected
LinuxLinux5.10.37 <= 5.10.*unaffected
LinuxLinux5.11.21 <= 5.11.*unaffected
LinuxLinux5.12.4 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References