CVE: CVE-2024-41001

Descrizione: In the Linux kernel, a vulnerability has been resolved: The io_uring/sqpoll vulnerability is addressed through a workaround. kmemleak complains about a memory leak related to connect handling. When kmemleak detects a memory leak, it identifies a problem with `unreferenced object 0xffff0001093bdf00` (size 128). The backtrace shows the following: * The command `iou-sqp-455` is running, with PID 457, and `jiffies` is set to 4294894164. * The first 32 bytes of the dump reveal: * `02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00 00 00 00` * `00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00` * `00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00` * `00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00` * `00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00` * `00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00` * `00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00` * `00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00` * `00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00` * `00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00` * `backtrace (crc 2e481b1a):` * `[<00000000c0a26af4>] kmemleak_alloc+0x30/0x38` * `[<000000009c30bb45>] kmalloc_trace+0x228/0x358` * `[<000000009da9d39f>] __audit_sockaddr+0xd0/0x138` * `[<0000000089a93e34>] move_addr_to_kernel+0x1a0/0x1f8` * `[<000000000b4e80e6>] io_connect_prep+0x1ec/0x2d4` * `[<00000000abfbcd99>] ret_from_fork+0x10/0x20` The work around is to issue a blanket NOP operation before the `io_uring/sqpoll` command does anything.

Vettore di attacco

Riferimenti esterni

• https://git.kernel.org/stable/c/55c22375cbaa24f77dd13f9ae0642915444a1227
• https://git.kernel.org/stable/c/9e810bd995823786ea30543e480e8a573e5e5667
• https://git.kernel.org/stable/c/a40e90d9304629002fb17200f7779823a81191d3
• https://git.kernel.org/stable/c/c4ce0ab27646f4206a9eb502d6fe45cb080e1cae

Prodotti interessati

• Linux – Linux
• Linux – Linux

Relazioni con altri prodotti

Produttore:Linux
Prodotto: Linux
Anno: 2024
CWE:
CVSS: 0.0