Vulnerability Monitor

CVE-2024-0443


A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with local access to cause system instability, such as an out-of-memory error.


Published

2024-01-12T00:15:45.230

Last Modified

2024-11-21T08:46:36.010

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-402
  • Type: Primary
    CWE-668

Affected Vendors & Products
Type              Vendor         Product           Version/Range  Vulnerable?
Operating System  linux          linux_kernel      < 6.4          Yes
Operating System  linux          linux_kernel      6.4            Yes
Operating System  linux          linux_kernel      6.4            Yes
Operating System  linux          linux_kernel      6.4            Yes
Operating System  linux          linux_kernel      6.4            Yes
Operating System  linux          linux_kernel      6.4            Yes
Operating System  linux          linux_kernel      6.4            Yes
Operating System  redhat         enterprise_linux  8.0            Yes
Operating System  redhat         enterprise_linux  9.0            Yes
Operating System  fedoraproject  fedora            39             Yes

References