CVE-2023-52560

CVE Details

Release Date:2024-03-02

Description


In the Linux kernel, the following vulnerability has been resolved:\nmm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions()\nWhen CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG_DEBUG_KMEMLEAK=y\nand CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the below memory leak is detected.\nSince commit 9f86d624292c ('mm/damon/vaddr-test: remove unnecessary\nvariables'), the damon_destroy_ctx() is removed, but still call\ndamon_new_target() and damon_new_region(), the damon_region which is\nallocated by kmem_cache_alloc() in damon_new_region() and the damon_target\nwhich is allocated by kmalloc in damon_new_target() are not freed. And\nthe damon_region which is allocated in damon_new_region() in\ndamon_set_regions() is also not freed.\nSo use damon_destroy_target to free all the damon_regions and damon_target.\nunreferenced object 0xffff888107c9a940 (size 64):\ncomm 'kunit_try_catch', pid 1069, jiffies 4294670592 (age 732.761s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk\n60 c7 9c 07 81 88 ff ff f8 cb 9c 07 81 88 ff ff `...............\nbacktrace:\n[] kmalloc_trace+0x27/0xa0\n[] damon_new_target+0x3f/0x1b0\n[] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0\n[] damon_test_apply_three_regions1+0x21e/0x260\n[] kunit_generic_run_threadfn_adapter+0x4a/0x90\n[] kthread+0x2b6/0x380\n[] ret_from_fork+0x2d/0x70\n[] ret_from_fork_asm+0x11/0x20\nunreferenced object 0xffff8881079cc740 (size 56):\ncomm 'kunit_try_catch', pid 1069, jiffies 4294670592 (age 732.761s)\nhex dump (first 32 bytes):\n05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................\n6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk\nbacktrace:\n[] damon_new_region+0x22/0x1c0\n[] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0\n[] damon_test_apply_three_regions1+0x21e/0x260\n[] kunit_generic_run_threadfn_adapter+0x4a/0x90\n[] kthread+0x2b6/0x380\n[] ret_from_fork+0x2d/0x70\n[] ret_from_fork_asm+0x11/0x20\nunreferenced object 0xffff888107c9ac40 (size 64):\ncomm 'kunit_try_catch', pid 1071, jiffies 4294670595 (age 732.843s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk\na0 cc 9c 07 81 88 ff ff 78 a1 76 07 81 88 ff ff ........x.v.....\nbacktrace:\n[] kmalloc_trace+0x27/0xa0\n[] damon_new_target+0x3f/0x1b0\n[] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0\n[] damon_test_apply_three_regions2+0x21e/0x260\n[] kunit_generic_run_threadfn_adapter+0x4a/0x90\n[] kthread+0x2b6/0x380\n[] ret_from_fork+0x2d/0x70\n[] ret_from_fork_asm+0x11/0x20\nunreferenced object 0xffff8881079ccc80 (size 56):\ncomm 'kunit_try_catch', pid 1071, jiffies 4294670595 (age 732.843s)\nhex dump (first 32 bytes):\n05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................\n6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk\nbacktrace:\n[] damon_new_region+0x22/0x1c0\n[] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0\n[] damon_test_apply_three_regions2+0x21e/0x260\n[] kunit_generic_run_threadfn_adapter+0x4a/0x90\n[] kthread+0x2b6/0x380\n[] ret_from_fork+0x2d/0x70\n[

See more information about CVE-2023-52560 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 3.3 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector: Local network Attack Complexity: Low
Privileges Required: Low User Interaction: None
Scope: Unchanged Confidentiality Impact: None
Integrity Impact: None Availability Impact: Low

Errata information


PlatformErrataRelease Date
Oracle Linux version 8 (kernel)ELSA-2024-42112024-07-02
Oracle Linux version 9 (kernel)ELSA-2024-93152024-11-14


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete