CVE-2024-56613

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description A memory leak issue has been identified in the Linux kernel, specifically in the sched/numa component, due to the overwritten vma->numab state. This issue can be consistently reproduced on servers with multiple cores when running the hackbench program of LTP. The problem occurs when multiple threads access a shared vma simultaneously, causing vma->numab state to be overwritten. The issue can be resolved by using the cmpxchg atomic operation to ensure that only one thread executes the vma->numab state assignment.

Recommendations To resolve this issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the task numa work() function until a patch is available. Restrict access to the vulnerable vma->numab state variable to minimize the risk of exploitation. Avoid using the hackbench program with the thread argument until the issue is resolved.