PT-2024-30728 · Linux+6 · Linux Kernel+6
Frederic Weisbecker +1 · Published 2024-07-09 · Updated 2025-09-29 · CVE-2024-43870
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.50
Description
The issue arises when a task is scheduled out and pending sigtrap deliveries are deferred to the target task, to be handled via task work when it resumes to userspace. Failures while adding an event's callback to the task work engine are ignored, which leaves a small window where a pending sigtrap can be queued and then ignored, leaking the reference that was added to the event's refcount. This occurs in the following scenario: when a task exits, the last call for events exit happens after task work is closed, resulting in the event never being released.
Technical details about exploitation include:
- The `task_work_add()` function's error handling is inadequate, leading to the leak.
- The `event->pending_sigtrap` variable is used to track pending sigtrap deliveries.
- The `irq_work_queue()` function is used to queue the pending IRQ.
- The `perf_event_overflow()` function is involved in the scenario where the leak occurs.
- The `event_sched_out()` function is called when the task is scheduled out.
- The `perf_pending_irq()` function returns early when `event->oncpu` is -1.
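The leak pattern from the description, reduced to a single-threaded userspace model in C. This is an added example, not code from the kernel or from the fix: every name in it (`model_event`, `model_task`, `model_work_add`, `model_run_work`, `refcount_after_defer`) is hypothetical, and the checked branch is one way to handle the failure in this model, not a reproduction of the upstream patch.

```c
/* Simplified userspace model; all names are hypothetical, not kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct model_event { int refcount; };
struct model_task {
    bool work_closed;           /* set once the exiting task stops accepting work */
    struct model_event *queued; /* this model holds at most one queued callback */
};

/* Stand-in for adding a callback to the task's work list; fails once closed. */
static int model_work_add(struct model_task *t, struct model_event *e)
{
    if (t->work_closed)
        return -1;
    t->queued = e;
    return 0;
}

/* Stand-in for the callback run on return to userspace; it drops the ref. */
static void model_run_work(struct model_task *t)
{
    if (t->queued) {
        t->queued->refcount--;
        t->queued = NULL;
    }
}

/* Returns the refcount left after exit: 0 means released, >0 means leaked. */
int refcount_after_defer(bool work_closed, bool check_add_result)
{
    struct model_event ev = { .refcount = 1 };
    struct model_task task = { .work_closed = work_closed, .queued = NULL };
    if (check_add_result) {
        if (model_work_add(&task, &ev) == 0)  /* take the ref only when queued */
            ev.refcount++;
    } else {
        ev.refcount++;                        /* ref taken unconditionally */
        (void)model_work_add(&task, &ev);     /* failure ignored */
    }
    model_run_work(&task);
    ev.refcount--;                            /* owner's final put at exit */
    return ev.refcount;
}

int main(void)
{
    printf("ignored, work closed: %d\n", refcount_after_defer(true, false));
    printf("checked, work closed: %d\n", refcount_after_defer(true, true));
    return 0;
}
```

Both variants balance while the work list is still open; only the variant that ignores the failed add leaves a reference behind once the list is closed.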
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.50 or later, which includes the fix for the event leak upon exit. As a temporary workaround, consider disabling the `perf_event_overflow()` function until a patch is available. Restrict access to the `task_work_add()` function to minimize the risk of exploitation. Avoid using the `event->pending_sigtrap` variable in the affected API endpoint until the issue is resolved.
Exploit
Fix
Memory Leak
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu