A critical memory leak was found and patched in the Linux kernel’s memory management testing framework, specifically within DAMON’s sysfs KUnit test interface. This post walks you through what happened in CVE-2024-50068, shows the exact code problems and patch, and explains how you could have exploited the bug (in a controlled test environment), with exclusive clear language.
What Was the Bug?
In Linux’s DAMON (Data Access MONitor), a sysfs KUnit test helper function called damon_sysfs_test_add_targets() failed to free memory it had allocated for sysfs_target->regions. This caused a memory leak that could slowly consume kernel memory when running DAMON sysfs-related KUnit tests.
What is a "memory leak"?
A memory leak is when a program does not free memory it no longer needs. Over time, these accumulate, potentially slowing the system or exhausting available memory.
Where was it?
- File: mm/damon/tests/sysfs-kunit.h
The helper function allocates regions with this code
sysfs_target->regions = damon_sysfs_regions_alloc(nr_regions);
But: In the function’s failure and cleanup paths, it forgot to free sysfs_target->regions.
KMemleak (a Linux memory leak detection tool) flagged this
unreferenced object xffffff80c2a8db80 (size 96):
comm "kunit_try_catch", pid 187, jiffies 4294894363
...
backtrace (crc ):
[<...>] kmemleak_alloc+x34/x40
[<...>] __kmalloc_cache_noprof+x26c/x2f4
[<...>] damon_sysfs_test_add_targets+x1cc/x738
[<...>] kunit_try_run_case+x13c/x3ac
Here’s a simplified problem code section
static int damon_sysfs_test_add_targets(...)
{
...
sysfs_target->regions = damon_sysfs_regions_alloc(nr_regions);
if (!sysfs_target->regions)
return -ENOMEM;
...
// Oops: Doesn't free sysfs_target->regions in all error/exit paths!
}
## Patched / Fixed Code Snippet
The patch makes sure that sysfs_target->regions is freed if cleanup is needed. Example
err:
...
kfree(sysfs_target->regions);
return ret;
Now, memory is properly cleaned up even during errors.
### Full Patch / Commit
You can see the real kernel fix here:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c3e1258a104a991f99ed65a6ccae1d18a4c620a3
How could you exploit this?
This vulnerability is primarily exploitable by anyone able to run DAMON sysfs KUnit tests—typically, kernel developers or trusted users during kernel build/test cycles. A malicious local user with access to run these tests could intentionally create a memory exhaustion scenario by repeatedly triggering the defective function and causing the kernel to leak memory each time.
Suppose you had a bad kernel (unpatched). You could flood the memory with leaks like so
# Run the sysfs KUnit tests in a loop
while true; do
echo 'run damon-sysfs' > /sys/kernel/debug/kunit/control
done
Over time, kernel memory usage would grow as unreleased "regions" objects pile up.
You can catch the leak with
cat /sys/kernel/debug/kmemleak
Output would show unreferenced objects, like in the original report.
Impact
- Who is affected: Developers who run kernel self-tests (specifically, with DAMON sysfs KUnit enabled).
Links & Resources
- Upstream Kernel Commit
- CVE Record — CVE-2024-50068 (check when published)
- DAMON Documentation
- KUnit Testing Documentation
- Linux KMemleak Manual
TL;DR
CVE-2024-50068 was a kernel memory leak in DAMON's sysfs KUnit test code. If you run these tests in an affected kernel, memory would leak every time you added test targets, risking test environment stability and misdiagnosis. Patched kernels now clean up memory properly. Always update your kernel dev/test environments!
If you’re not developing or testing the Linux kernel with these features, you’re probably safe—this is a developer/tester issue, not a general-use one.
*Stay safe, keep your test kernels up-to-date, and always check for leaks!*
Timeline
Published on: 10/29/2024 01:15:04 UTC
Last modified on: 10/30/2024 16:57:35 UTC