CVE-2023-53136

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> af_unix: fix struct pid leaks in OOB support<br /> <br /> syzbot reported struct pid leak [1].<br /> <br /> Issue is that queue_oob() calls maybe_add_creds() which potentially<br /> holds a reference on a pid.<br /> <br /> But skb-&gt;destructor is not set (either directly or by calling<br /> unix_scm_to_skb())<br /> <br /> This means that subsequent kfree_skb() or consume_skb() would leak<br /> this reference.<br /> <br /> In this fix, I chose to fully support scm even for the OOB message.<br /> <br /> [1]<br /> BUG: memory leak<br /> unreferenced object 0xffff8881053e7f80 (size 128):<br /> comm "syz-executor242", pid 5066, jiffies 4294946079 (age 13.220s)<br /> hex dump (first 32 bytes):<br /> 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................<br /> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................<br /> backtrace:<br /> [] alloc_pid+0x6a/0x560 kernel/pid.c:180<br /> [] copy_process+0x169f/0x26c0 kernel/fork.c:2285<br /> [] kernel_clone+0xf7/0x610 kernel/fork.c:2684<br /> [] __do_sys_clone+0x7c/0xb0 kernel/fork.c:2825<br /> [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]<br /> [] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80<br /> [] entry_SYSCALL_64_after_hwframe+0x63/0xcd