About CVE-2024-41023
sched/deadline: Fix task_struct reference leak
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2024-41023
Description: In the Linux kernel, the following vulnerability has been resolved. The issue showed up during a stress test with Linux-rt: while the test was running, `kmemleak` frequently reported a memory leak concerning the task_struct. Specifically, the following memory dump revealed a leak:
- `0xffff8881305b8000` (size 16136) was identified: `comm="stress-ng", pid=614, jiffies=4294883961 (age=286.412s)`
- A hex dump showed:
  - `02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@`
  - `00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …..`
- A debug hex dump showed:
  - `53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S`
- The kernel trace showed:
  - `dup_task_struct+0x30/0x540`
  - `copy_process+0x3d9/0x50e0`
  - `kernel_clone+0xb0/0x770`
  - `__do_sys_clone+0xb6/0xf0`
  - `do_syscall_64+0x5d/0xf0`
  - `entry_SYSCALL_64_after_hwframe+0x6e/0x76`

The patch addresses this issue by ensuring the task_struct reference count is correctly decremented when the timer is canceled.
Attack vector
CVSS score
CVSS is a scoring system that measures the severity of a software vulnerability, taking into account factors such as potential impact, likelihood of attack, and ease of exploitation.
External references
- https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4
- https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9
Affected products
- Linux – Linux