CVE-2024-0443: Resource Leak in Kernel

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 97.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 12; latest update Jan 14

Description

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with local access to cause system instability, such as an out of m

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: linux/linux_kernel 6.26.4+1
Debian: linux/linux_kernel < 6.3.11-1 +1

Also affects: Enterprise Linux 8.0, 9.0, Fedora 39

🔴 Vulnerability Details (3)

GHSA: GHSA-rqh4-x2v7-j34g: A flaw was found in the blkgs destruction path in block/blk-cgroup (2024-01-12)
OSV: CVE-2024-0443: A flaw was found in the blkgs destruction path in block/blk-cgroup (2024-01-12)
CVEList: Kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline. (2024-01-11)

📋 Vendor Advisories (3)

Chrome: Stable Channel Update for Desktop: CVE-2025-0443 (2025-01-14)
Debian: CVE-2024-0443: linux - A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linu... (2024)
Red Hat: kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline. (2023-12-14)

💬 Community (1)

Bugzilla: CVE-2024-0443 kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline. (2024-01-11)