github - ghsa-rqh4-x2v7-j34g

ghsa-rqh4-x2v7-j34g

Vulnerability from github

Published

2024-01-12 00:30

Modified

2024-05-20 12:30

Severity

5.5 (Medium) - CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-0443"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-402",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-12T00:15:45Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.",
  "id": "GHSA-rqh4-x2v7-j34g",
  "modified": "2024-05-20T12:30:27Z",
  "published": "2024-01-12T00:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0443"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:6583"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:7077"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:7370"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0443"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257968"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2024-0443

Vulnerability from cvelistv5

Published

2024-01-11 23:30

Modified

2024-09-16 11:04

Severity

5.5 (Medium) - cvssV3_1 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

Kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline.

References

URL	Tags
https://access.redhat.com/errata/RHSA-2023:6583	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7077	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7370	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-0443	vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2257968	issue-tracking, x_refsource_REDHAT
https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com/

Impacted products

Vendor	Product

Red Hat	Red Hat Enterprise Linux 8
Red Hat	Red Hat Enterprise Linux 9
Red Hat	Red Hat Enterprise Linux 9
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support
Red Hat	Red Hat Enterprise Linux 6
Red Hat	Red Hat Enterprise Linux 7
Red Hat	Red Hat Enterprise Linux 7
Red Hat	Red Hat Enterprise Linux 8
Red Hat	Red Hat Enterprise Linux 9

Show details on NVD website