ghsa-65mj-5f83-m897
Vulnerability from github
Published
2024-03-03 00:30
Modified
2024-03-03 00:30
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions()

When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG_DEBUG_KMEMLEAK=y and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the below memory leak is detected.

Since commit 9f86d624292c ("mm/damon/vaddr-test: remove unnecessary variables"), the damon_destroy_ctx() is removed, but still call damon_new_target() and damon_new_region(), the damon_region which is allocated by kmem_cache_alloc() in damon_new_region() and the damon_target which is allocated by kmalloc in damon_new_target() are not freed. And the damon_region which is allocated in damon_new_region() in damon_set_regions() is also not freed.

So use damon_destroy_target to free all the damon_regions and damon_target.

unreferenced object 0xffff888107c9a940 (size 64):
  comm "kunit_try_catch", pid 1069, jiffies 4294670592 (age 732.761s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b  ............kkkk
    60 c7 9c 07 81 88 ff ff f8 cb 9c 07 81 88 ff ff  `...............
  backtrace:
    [<ffffffff817e0167>] kmalloc_trace+0x27/0xa0
    [<ffffffff819c11cf>] damon_new_target+0x3f/0x1b0
    [<ffffffff819c7d55>] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0
    [<ffffffff819c82be>] damon_test_apply_three_regions1+0x21e/0x260
    [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
    [<ffffffff81237cf6>] kthread+0x2b6/0x380
    [<ffffffff81097add>] ret_from_fork+0x2d/0x70
    [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff8881079cc740 (size 56):
  comm "kunit_try_catch", pid 1069, jiffies 4294670592 (age 732.761s)
  hex dump (first 32 bytes):
    05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00  ................
    6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b  kkkkkkkk....kkkk
  backtrace:
    [<ffffffff819bc492>] damon_new_region+0x22/0x1c0
    [<ffffffff819c7d91>] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0
    [<ffffffff819c82be>] damon_test_apply_three_regions1+0x21e/0x260
    [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
    [<ffffffff81237cf6>] kthread+0x2b6/0x380
    [<ffffffff81097add>] ret_from_fork+0x2d/0x70
    [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff888107c9ac40 (size 64):
  comm "kunit_try_catch", pid 1071, jiffies 4294670595 (age 732.843s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b  ............kkkk
    a0 cc 9c 07 81 88 ff ff 78 a1 76 07 81 88 ff ff  ........x.v.....
  backtrace:
    [<ffffffff817e0167>] kmalloc_trace+0x27/0xa0
    [<ffffffff819c11cf>] damon_new_target+0x3f/0x1b0
    [<ffffffff819c7d55>] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0
    [<ffffffff819c851e>] damon_test_apply_three_regions2+0x21e/0x260
    [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
    [<ffffffff81237cf6>] kthread+0x2b6/0x380
    [<ffffffff81097add>] ret_from_fork+0x2d/0x70
    [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff8881079ccc80 (size 56):
  comm "kunit_try_catch", pid 1071, jiffies 4294670595 (age 732.843s)
  hex dump (first 32 bytes):
    05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00  ................
    6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b  kkkkkkkk....kkkk
  backtrace:
    [<ffffffff819bc492>] damon_new_region+0x22/0x1c0
    [<ffffffff819c7d91>] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0
    [<ffffffff819c851e>] damon_test_apply_three_regions2+0x21e/0x260
    [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
    [<ffffffff81237cf6>] kthread+0x2b6/0x380
    [<ffffffff81097add>] ret_from_fork+0x2d/0x70
    [<ffff

---truncated---

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-52560"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-02T22:15:48Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions()\n\nWhen CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG_DEBUG_KMEMLEAK=y\nand CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the below memory leak is detected.\n\nSince commit 9f86d624292c (\"mm/damon/vaddr-test: remove unnecessary\nvariables\"), the damon_destroy_ctx() is removed, but still call\ndamon_new_target() and damon_new_region(), the damon_region which is\nallocated by kmem_cache_alloc() in damon_new_region() and the damon_target\nwhich is allocated by kmalloc in damon_new_target() are not freed.  And\nthe damon_region which is allocated in damon_new_region() in\ndamon_set_regions() is also not freed.\n\nSo use damon_destroy_target to free all the damon_regions and damon_target.\n\n    unreferenced object 0xffff888107c9a940 (size 64):\n      comm \"kunit_try_catch\", pid 1069, jiffies 4294670592 (age 732.761s)\n      hex dump (first 32 bytes):\n        00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b  ............kkkk\n        60 c7 9c 07 81 88 ff ff f8 cb 9c 07 81 88 ff ff  `...............\n      backtrace:\n        [\u003cffffffff817e0167\u003e] kmalloc_trace+0x27/0xa0\n        [\u003cffffffff819c11cf\u003e] damon_new_target+0x3f/0x1b0\n        [\u003cffffffff819c7d55\u003e] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0\n        [\u003cffffffff819c82be\u003e] damon_test_apply_three_regions1+0x21e/0x260\n        [\u003cffffffff829fce6a\u003e] kunit_generic_run_threadfn_adapter+0x4a/0x90\n        [\u003cffffffff81237cf6\u003e] kthread+0x2b6/0x380\n        [\u003cffffffff81097add\u003e] ret_from_fork+0x2d/0x70\n        [\u003cffffffff81003791\u003e] ret_from_fork_asm+0x11/0x20\n    unreferenced object 0xffff8881079cc740 (size 56):\n      comm \"kunit_try_catch\", pid 1069, jiffies 4294670592 (age 732.761s)\n      hex dump (first 32 bytes):\n        05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00  ................\n        6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b  kkkkkkkk....kkkk\n      backtrace:\n        [\u003cffffffff819bc492\u003e] damon_new_region+0x22/0x1c0\n        [\u003cffffffff819c7d91\u003e] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0\n        [\u003cffffffff819c82be\u003e] damon_test_apply_three_regions1+0x21e/0x260\n        [\u003cffffffff829fce6a\u003e] kunit_generic_run_threadfn_adapter+0x4a/0x90\n        [\u003cffffffff81237cf6\u003e] kthread+0x2b6/0x380\n        [\u003cffffffff81097add\u003e] ret_from_fork+0x2d/0x70\n        [\u003cffffffff81003791\u003e] ret_from_fork_asm+0x11/0x20\n    unreferenced object 0xffff888107c9ac40 (size 64):\n      comm \"kunit_try_catch\", pid 1071, jiffies 4294670595 (age 732.843s)\n      hex dump (first 32 bytes):\n        00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b  ............kkkk\n        a0 cc 9c 07 81 88 ff ff 78 a1 76 07 81 88 ff ff  ........x.v.....\n      backtrace:\n        [\u003cffffffff817e0167\u003e] kmalloc_trace+0x27/0xa0\n        [\u003cffffffff819c11cf\u003e] damon_new_target+0x3f/0x1b0\n        [\u003cffffffff819c7d55\u003e] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0\n        [\u003cffffffff819c851e\u003e] damon_test_apply_three_regions2+0x21e/0x260\n        [\u003cffffffff829fce6a\u003e] kunit_generic_run_threadfn_adapter+0x4a/0x90\n        [\u003cffffffff81237cf6\u003e] kthread+0x2b6/0x380\n        [\u003cffffffff81097add\u003e] ret_from_fork+0x2d/0x70\n        [\u003cffffffff81003791\u003e] ret_from_fork_asm+0x11/0x20\n    unreferenced object 0xffff8881079ccc80 (size 56):\n      comm \"kunit_try_catch\", pid 1071, jiffies 4294670595 (age 732.843s)\n      hex dump (first 32 bytes):\n        05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00  ................\n        6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b  kkkkkkkk....kkkk\n      backtrace:\n        [\u003cffffffff819bc492\u003e] damon_new_region+0x22/0x1c0\n        [\u003cffffffff819c7d91\u003e] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0\n        [\u003cffffffff819c851e\u003e] damon_test_apply_three_regions2+0x21e/0x260\n        [\u003cffffffff829fce6a\u003e] kunit_generic_run_threadfn_adapter+0x4a/0x90\n        [\u003cffffffff81237cf6\u003e] kthread+0x2b6/0x380\n        [\u003cffffffff81097add\u003e] ret_from_fork+0x2d/0x70\n        [\u003cffff\n---truncated---",
  "id": "GHSA-65mj-5f83-m897",
  "modified": "2024-03-03T00:30:32Z",
  "published": "2024-03-03T00:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52560"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/45120b15743fa7c0aa53d5db6dfb4c8f87be4abd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b522001693aa113d97a985abc5f6932972e8e86"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9a4fe81a8644b717d57d81ce5849e16583b13fe8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.