CVE-2021-47024

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 28/02/2024
Last modified: 06/12/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: free queued packets when closing socket

As reported by syzbot [1], there is a memory leak while closing the socket. We partially solved this issue with commit ac03046ece2b ("vsock/virtio: free packets during the socket release"), but we forgot to drain the RX queue when the socket is definitely closed by the scheduled work.

To avoid future issues, let's use the new virtio_transport_remove_sock() to drain the RX queue before removing the socket from the af_vsock lists calling vsock_remove_sock().

[1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9

Vulnerable products and versions

CPE                                             From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.2 (including)    5.10.37 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.11 (including)   5.11.21 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.12 (including)   5.12.4 (excluding)