PT-2024-35657 · Linux+7 · Linux Kernel+7

Alexandra Winter +4 · Published 2024-11-19 · Updated 2026-05-26 · CVE-2024-53210

CVSS v4.0: 6.8 (Medium)

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.10.0-rc7

Description

The issue is related to a memory leak in the Linux kernel, specifically in the s390/iucv component. When the MSG_PEEK flag is passed to skb_recv_datagram(), it increments the skb->users refcount, but iucv_sock_recvmsg() does not decrement the refcount at exit. This results in a memory leak in skb_queue_purge() and a WARN_ON in iucv_sock_destruct() during socket close. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Technical details about exploitation include:
  • The MSG_PEEK flag is used in the skb_recv_datagram() function.
  • The skb->users refcount is incremented when the MSG_PEEK flag is passed.
  • The iucv_sock_recvmsg() function does not decrement the skb->users refcount at exit.
  • The memory leak occurs in skb_queue_purge().
  • A WARN_ON is triggered in iucv_sock_destruct() during socket close.

Recommendations

To resolve the issue, decrease the skb->users refcount by one if the MSG_PEEK flag is set to prevent the memory leak and WARN_ON. As a temporary workaround, consider disabling the iucv_sock_destruct() function until a patch is available. Restrict access to the skb_recv_datagram() function to minimize the risk of exploitation. Avoid using the MSG_PEEK flag in the affected API endpoint until the issue is resolved.
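
The reference-count imbalance described above, as a user-space C model added here for illustration; it is not kernel code and not the upstream patch. The structs and the functions `recvmsg_model()`, `close_model()` and `leaked_after_peeks()` are hypothetical names, and a nonzero leak count stands in for the state that the description says leads to the WARN_ON at socket close.

```c
#include <stdio.h>
#include <stdlib.h>
#define MSG_PEEK 0x2 /* Linux value, defined locally to keep the model self-contained */

/* Simplified stand-ins for sk_buff and the socket receive queue. */
struct skb { int users; struct skb *next; };
struct sock { struct skb *queue; };
static int live_skbs; /* buffers allocated and not yet freed */

static void enqueue(struct sock *sk) {
    struct skb *s = calloc(1, sizeof(*s));
    if (!s) abort();
    s->users = 1; /* the reference owned by the queue */
    s->next = sk->queue; sk->queue = s; live_skbs++;
}

/* Drop one reference; the buffer is freed only on the last one. */
static void put_skb(struct skb *s) {
    if (--s->users == 0) { free(s); live_skbs--; }
}

/* Model of skb_recv_datagram(): MSG_PEEK leaves the skb queued and takes
 * an extra reference; without it the skb is dequeued for the caller. */
static struct skb *recv_datagram(struct sock *sk, int flags) {
    struct skb *s = sk->queue;
    if (!s) return NULL;
    if (flags & MSG_PEEK) s->users++; else sk->queue = s->next;
    return s;
}

/* Model of iucv_sock_recvmsg(); fixed == 0 omits the put on the peek path. */
static void recvmsg_model(struct sock *sk, int flags, int fixed) {
    struct skb *s = recv_datagram(sk, flags);
    if (!s) return;
    if (!(flags & MSG_PEEK) || fixed) put_skb(s);
}

/* Socket close: purge the queue, then report buffers still alive. */
static int close_model(struct sock *sk) {
    while (sk->queue) { struct skb *s = sk->queue; sk->queue = s->next; put_skb(s); }
    return live_skbs;
}

int leaked_after_peeks(int peeks, int fixed) {
    struct sock sk = { 0 };
    live_skbs = 0; enqueue(&sk);
    for (int i = 0; i < peeks; i++) recvmsg_model(&sk, MSG_PEEK, fixed);
    return close_model(&sk);
}
int main(void) {
    printf("unpatched: %d leaked, patched: %d leaked\n",
           leaked_after_peeks(3, 0), leaked_after_peeks(3, 1));
    return 0;
}
```

In the unpatched path the purge drops only the queue's own reference, so any buffer that was peeked at least once is never freed.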

Exploit

Fix

DoS

Memory Leak

Weakness Enumeration

Related Identifiers

ALT-PU-2024-17893
ALT-PU-2025-12647
AZL-55533
AZL-55615
BDU:2025-07732
CVE-2024-53210
DLA-4076-1
OESA-2025-1286
OESA-2025-1450
OPENSUSE-SU-2025_0117-1
OPENSUSE-SU-2025_0153-1
OPENSUSE-SU-2025_0154-1
OPENSUSE-SU-2025_0201-1
OPENSUSE-SU-2025_0229-1
SUSE-SU-2025:0117-1
SUSE-SU-2025:0153-1
SUSE-SU-2025:0154-1
SUSE-SU-2025:0201-1
SUSE-SU-2025:0201-2
SUSE-SU-2025:0229-1
SUSE-SU-2025:0236-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0201-1
SUSE-SU-2025_0201-2
SUSE-SU-2025_0236-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu