Linux · Linux Kernel · CVE-2024-53210
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.10.0-rc7
**Description**
A memory leak exists in the s390/iucv component of the Linux kernel. When the `MSG_PEEK` flag is passed to `skb_recv_datagram()`, it increments the `skb->users` refcount, but `iucv_sock_recvmsg()` does not decrement the refcount at exit. This results in a memory leak in `skb_queue_purge()` and a `WARN_ON` in `iucv_sock_destruct()` during socket close. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Technical details about exploitation include:
- The `MSG_PEEK` flag is used in the `skb_recv_datagram()` function.
- The `skb->users` refcount is incremented when the `MSG_PEEK` flag is passed.
- The `iucv_sock_recvmsg()` function does not decrement the `skb->users` refcount at exit.
- The memory leak occurs in `skb_queue_purge()`.
- A `WARN_ON` is triggered in `iucv_sock_destruct()` during socket close.
**Recommendations**
To resolve the issue, decrease the `skb->users` refcount by one if the `MSG_PEEK` flag is set to prevent the memory leak and `WARN_ON`.
As a temporary workaround, consider disabling the `iucv_sock_destruct()` function until a patch is available.
Restrict access to the `skb_recv_datagram()` function to minimize the risk of exploitation.
Avoid using the `MSG_PEEK` flag in the affected API endpoint until the issue is resolved.
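
The refcount imbalance described above, and the effect of returning the peek reference at exit, as an added user-space model (not kernel code and not the upstream patch). The `model_*` functions, `MODEL_MSG_PEEK` and `leaked_after_peeks()` are hypothetical names, and the socket buffer is reduced to its reference count.

```c
#include <stdio.h>
#include <stdlib.h>
#define MODEL_MSG_PEEK 0x2              /* stand-in for MSG_PEEK */
struct skb { int users; };              /* only the refcount is modelled */
struct rx_queue { struct skb *head; };  /* one-slot receive queue */

/* Drop one reference; free on the last one. Returns 1 if freed. */
static int model_unref(struct skb *skb)
{
    if (--skb->users > 0)
        return 0;
    free(skb);
    return 1;
}

/* Models skb_recv_datagram(): a peek leaves the buffer queued and takes an
 * extra reference; a normal receive unlinks it and hands over the queue's. */
static struct skb *model_recv_datagram(struct rx_queue *q, int flags)
{
    struct skb *skb = q->head;
    if (skb && (flags & MODEL_MSG_PEEK))
        skb->users++;
    else
        q->head = NULL;
    return skb;
}

/* Models the recvmsg exit path; fixed == 0 reproduces the described bug. */
static void model_recvmsg(struct rx_queue *q, int flags, int fixed)
{
    struct skb *skb = model_recv_datagram(q, flags);
    if (skb && (!(flags & MODEL_MSG_PEEK) || fixed))
        model_unref(skb);   /* consumed, or peek reference returned */
}

/* Peek one queued buffer `peeks` times, then purge the queue as at close.
 * Returns the number of buffers the purge could not free (-1 on OOM). */
int leaked_after_peeks(int peeks, int fixed)
{
    struct rx_queue q = { malloc(sizeof(struct skb)) };
    if (!q.head) return -1;
    q.head->users = 1;      /* reference held by the queue */
    for (int i = 0; i < peeks; i++)
        model_recvmsg(&q, MODEL_MSG_PEEK, fixed);
    int leaked = !model_unref(q.head);  /* purge drops only the queue's ref */
    if (leaked) free(q.head);           /* keep the model itself leak-free */
    return leaked;
}

int main(void) { printf("%d %d\n", leaked_after_peeks(1, 0), leaked_after_peeks(1, 1)); return 0; }
```

In the model a single unbalanced peek is enough to keep the buffer alive past the purge, which corresponds to the leak and the warning at socket close that the description reports.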