CVE-2024-41001
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring/sqpoll: work around a potential audit memory leak
kmemleak complains that there's a memory leak related to connect handling:
unreferenced object 0xffff0001093bdf00 (size 128): comm "iou-sqp-455", pid 457, jiffies 4294894164 hex dump (first 32 bytes): 02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00 ……………. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ……………. backtrace (crc 2e481b1a): [<00000000c0a26af4>] kmemleak_alloc+0x30/0x38 [<000000009c30bb45>] kmalloc_trace+0x228/0x358 [<000000009da9d39f>] __audit_sockaddr+0xd0/0x138 [<0000000089a93e34>] move_addr_to_kernel+0x1a0/0x1f8 [<000000000b4e80e6>] io_connect_prep+0x1ec/0x2d4 [<00000000abfbcd99>] io_submit_sqes+0x588/0x1e48 [<00000000e7c25e07>] io_sq_thread+0x8a4/0x10e4 [<00000000d999b491>] ret_from_fork+0x10/0x20
which can can happen if:
- The command type does something on the prep side that triggers an audit call.
- The thread hasn't done any operations before this that triggered an audit call inside ->issue(), where we have audit_uring_entry() and audit_uring_exit().
Work around this by issuing a blanket NOP operation before the SQPOLL does anything.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 2b188cc1bb857a9d4701ae59aa7768b5124e262e < 55c22375cbaa24f77dd13f9ae0642915444a1227 | affected |
| Linux | Linux | 2b188cc1bb857a9d4701ae59aa7768b5124e262e < 9e810bd995823786ea30543e480e8a573e5e5667 | affected |
| Linux | Linux | 2b188cc1bb857a9d4701ae59aa7768b5124e262e < a40e90d9304629002fb17200f7779823a81191d3 | affected |
| Linux | Linux | 2b188cc1bb857a9d4701ae59aa7768b5124e262e < c4ce0ab27646f4206a9eb502d6fe45cb080e1cae | affected |
| Linux | Linux | 5.1 | affected |
| Linux | Linux | 0 < 5.1 | unaffected |
| Linux | Linux | 6.1.96 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.36 <= 6.6.* | unaffected |
| Linux | Linux | 6.9.7 <= 6.9.* | unaffected |
| Linux | Linux | 6.10 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/55c22375cbaa24f77dd13f9ae0642915444a1227
- https://git.kernel.org/stable/c/9e810bd995823786ea30543e480e8a573e5e5667
- https://git.kernel.org/stable/c/a40e90d9304629002fb17200f7779823a81191d3
- https://git.kernel.org/stable/c/c4ce0ab27646f4206a9eb502d6fe45cb080e1cae
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/55c22375cbaa24f77dd13f9ae0642915444a1227
- https://git.kernel.org/stable/c/9e810bd995823786ea30543e480e8a573e5e5667
- https://git.kernel.org/stable/c/a40e90d9304629002fb17200f7779823a81191d3
- https://git.kernel.org/stable/c/c4ce0ab27646f4206a9eb502d6fe45cb080e1cae
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.