Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2021-47024

HistoryFeb 28, 2024 - 9:15 a.m.

CVE-2021-47024

2024-02-2809:15:39

Debian Security Bug Tracker

security-tracker.debian.org

linux kernel

vulnerability resolved

memory leak

vsock

virtio

socket

memory leak

rx queue

virtio_transport_remove_sock

af_vsock

vsock_remove_sock

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket As reported by syzbot [1], there is a memory leak while closing the socket. We partially solved this issue with commit ac03046ece2b (“vsock/virtio: free packets during the socket release”), but we forgot to drain the RX queue when the socket is definitely closed by the scheduled work. To avoid future issues, let’s use the new virtio_transport_remove_sock() to drain the RX queue before removing the socket from the af_vsock lists calling vsock_remove_sock(). [1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 5.10.38-1linux_5.10.38-1_all.deb
Debian11alllinux< 5.10.38-1linux_5.10.38-1_all.deb
Debian10alllinux<= 4.19.249-2linux_4.19.249-2_all.deb
Debian999alllinux< 5.10.38-1linux_5.10.38-1_all.deb
Debian13alllinux< 5.10.38-1linux_5.10.38-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 5.10.38-1	linux_5.10.38-1_all.deb
Debian	11	all	linux	< 5.10.38-1	linux_5.10.38-1_all.deb
Debian	10	all	linux	<= 4.19.249-2	linux_4.19.249-2_all.deb
Debian	999	all	linux	< 5.10.38-1	linux_5.10.38-1_all.deb
Debian	13	all	linux	< 5.10.38-1	linux_5.10.38-1_all.deb