CVE-2024-41001

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/stable/c/55c22375cbaa24f77dd13f9ae0642915444a1227", "name": "https://git.kernel.org/stable/c/55c22375cbaa24f77dd13f9ae0642915444a1227", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/9e810bd995823786ea30543e480e8a573e5e5667", "name": "https://git.kernel.org/stable/c/9e810bd995823786ea30543e480e8a573e5e5667", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/a40e90d9304629002fb17200f7779823a81191d3", "name": "https://git.kernel.org/stable/c/a40e90d9304629002fb17200f7779823a81191d3", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/c4ce0ab27646f4206a9eb502d6fe45cb080e1cae", "name": "https://git.kernel.org/stable/c/c4ce0ab27646f4206a9eb502d6fe45cb080e1cae", "tags": ["Patch"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/sqpoll: work around a potential audit memory leak\n\nkmemleak complains that there's a memory leak related to connect\nhandling:\n\nunreferenced object 0xffff0001093bdf00 (size 128):\ncomm \"iou-sqp-455\", pid 457, jiffies 4294894164\nhex dump (first 32 bytes):\n02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace (crc 2e481b1a):\n[<00000000c0a26af4>] kmemleak_alloc+0x30/0x38\n[<000000009c30bb45>] kmalloc_trace+0x228/0x358\n[<000000009da9d39f>] __audit_sockaddr+0xd0/0x138\n[<0000000089a93e34>] move_addr_to_kernel+0x1a0/0x1f8\n[<000000000b4e80e6>] io_connect_prep+0x1ec/0x2d4\n[<00000000abfbcd99>] io_submit_sqes+0x588/0x1e48\n[<00000000e7c25e07>] io_sq_thread+0x8a4/0x10e4\n[<00000000d999b491>] ret_from_fork+0x10/0x20\n\nwhich can can happen if:\n\n1) The command type does something on the prep side that triggers an\n audit call.\n2) The thread hasn't done any operations before this that triggered\n an audit call inside ->issue(), where we have audit_uring_entry()\n and audit_uring_exit().\n\nWork around this by issuing a blanket NOP operation before the SQPOLL\ndoes anything."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-401"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-41001", "ASSIGNER": "cve@kernel.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}}, "publishedDate": "2024-07-12T13:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.9.7", "versionStartIncluding": "6.7"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.6.36", "versionStartIncluding": "6.2"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.1.96"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-08-21T16:17Z"}