A new vulnerability, CVE-2021-47024, has been discovered in the Linux kernel's vsock/virtio subsystem, the virtio transport for VM sockets (AF_VSOCK). The bug is a memory leak when a socket is closed. It was first reported by syzbot [1], an automated service that finds kernel bugs by fuzzing.
The Linux kernel community has since addressed it in a commit. This blog post discusses the details of the issue, the code change made to fix it, and the potential impact of the vulnerability.
Issue Details
In the Linux kernel vsock/virtio subsystem, a memory leak was discovered while closing a socket. The issue had been partially resolved by commit ac03046ece2b [2] ("vsock/virtio: free packets during the socket release"), but that change missed draining the RX queue when the socket is closed by the scheduled work, so packets still queued for receive were never freed.
To fix this and avoid similar omissions in the future, the developers introduced a new function, virtio_transport_remove_sock(), which drains the RX queue and then removes the socket from the af_vsock lists via the existing vsock_remove_sock().
Here is the code snippet from the Linux kernel that includes the patch to fix the vulnerability:
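The following user-space model, added here as an example and not taken from the kernel or the commit, shows why draining the RX queue before unlinking the socket matters. Every name in it (pkt, vsock_model, rx_enqueue, model_vsock_remove_sock, model_virtio_transport_remove_sock, leaked_after_close) is hypothetical; the live_pkts counter plays the role a kernel memory-leak detector would, and the sample payload is constructed.

```c
/* Added example, not kernel code: a user-space model of the close path this
 * commit fixes.  All names are hypothetical; only the idea, free what is
 * still in rx_queue before the socket leaves the lists, mirrors the change. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Number of packet buffers currently allocated.  A value that stays above
 * zero after the socket is gone is the leak this CVE describes. */
static int live_pkts;

struct pkt {
    struct pkt *next;
    size_t len;
    unsigned char *buf;
};

struct vsock_model {
    struct pkt *rx_queue;  /* received, not yet read by the application */
    int in_lists;          /* 1 while the socket sits in the af_vsock lists */
};

static struct pkt *pkt_alloc(const unsigned char *data, size_t len)
{
    struct pkt *p = calloc(1, sizeof *p);
    if (!p)
        return NULL;
    p->buf = malloc(len);
    if (!p->buf) {
        free(p);
        return NULL;
    }
    memcpy(p->buf, data, len);
    p->len = len;
    live_pkts++;
    return p;
}

static void pkt_free(struct pkt *p)
{
    free(p->buf);
    free(p);
    live_pkts--;
}

/* RX path: a packet for this socket arrives and is queued for the reader. */
static int rx_enqueue(struct vsock_model *vsk, const unsigned char *data, size_t len)
{
    struct pkt *p = pkt_alloc(data, len);
    if (!p)
        return -1;
    p->next = vsk->rx_queue;   /* order is irrelevant for the demo */
    vsk->rx_queue = p;
    return 0;
}

/* Stand-in for vsock_remove_sock(): unlinks the socket, nothing more. */
static void model_vsock_remove_sock(struct vsock_model *vsk)
{
    vsk->in_lists = 0;
}

/* Stand-in for the new virtio_transport_remove_sock(): free every packet
 * still queued, then unlink the socket. */
static void model_virtio_transport_remove_sock(struct vsock_model *vsk)
{
    struct pkt *p = vsk->rx_queue;
    while (p) {
        struct pkt *next = p->next;
        pkt_free(p);
        p = next;
    }
    vsk->rx_queue = NULL;
    model_vsock_remove_sock(vsk);
}

/* Queue n packets, close the socket either the old way (unlink only) or the
 * fixed way (drain, then unlink), and return how many packet allocations
 * survive the close: n for the old path, 0 for the fixed one. */
static int leaked_after_close(int n, int drain_first)
{
    struct vsock_model vsk = { NULL, 1 };
    static const unsigned char payload[] = "constructed payload"; /* constructed sample data */
    int leaked;

    for (int i = 0; i < n; i++)
        if (rx_enqueue(&vsk, payload, sizeof payload) != 0)
            break;

    if (drain_first)
        model_virtio_transport_remove_sock(&vsk);
    else
        model_vsock_remove_sock(&vsk);   /* the bug: rx_queue is forgotten */

    leaked = live_pkts;

    /* Release whatever the buggy path left behind so the demo itself is
     * clean and can be run repeatedly. */
    model_virtio_transport_remove_sock(&vsk);
    return leaked;
}

int main(void)
{
    printf("unlink only : %d packets leaked\n", leaked_after_close(3, 0));
    printf("drain first : %d packets leaked\n", leaked_after_close(3, 1));
    return 0;
}
```

Running it reports 3 leaked packets for the old close and 0 for the fixed one; the same check in the kernel is what kmemleak or syzbot's leak detection surfaces when a close path drops a queue without freeing it.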
@@ -920,7 +920,7 @@ static void virtio_transport_destruct(struct vsock_sock *vsk)
{
struct virtio_vsock_sock *vvs = vsk->trans;
- virtio_transport_release_tx_bufs(vvs);
+ virtio_transport_remove_sock(vsk);
while (!list_empty(&vvs->recv_pkt_list)) {
list_splice_init(&vvs->recv_pkt_list, &vvs->rx_queue);
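Review bot: the hunk is truncated and self-inconsistent: the `@@ -920,7 +920,7 @@` header promises seven lines per side, only six are shown, and the trailing context cuts off inside the `while` loop. The definition of `virtio_transport_remove_sock()` introduced by `+ virtio_transport_remove_sock(vsk);` is also not part of what is shown, so a reviewer cannot confirm it drains `rx_queue` as the text claims. The deleted line `- virtio_transport_release_tx_bufs(vvs);` removes the TX buffer release without any replacement or explanation, which the prose above does not mention; the full patch should show where TX buffers are still freed, or the commit message should justify dropping that call.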
Links to Original References
1. Syzkaller Report: https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9
2. Commit ac03046ece2b: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ac03046ece2b
Exploit Details
There are no known public exploits for this vulnerability at this time, but users and administrators should still be aware of its potential impact. Because the memory leaked on each affected socket close is never reclaimed, a malicious user could trigger it to exhaust kernel memory, leading to a denial-of-service (DoS) condition or other resource-exhaustion problems.
Conclusion
CVE-2021-47024 is a security vulnerability in the Linux kernel's vsock/virtio subsystem that has now been patched. Users and system administrators should update to a kernel version that includes the fix to protect against any potential exploits.
Timeline
Published on: 02/28/2024 09:15:39 UTC
Last modified on: 12/06/2024 20:53:23 UTC