CVE-2024-53210
CVE-2024-53210
Vie, 27/12/2024 – 14:15
CVE-2024-53210
s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
Passing MSG_PEEK flag to skb_recv_datagram() increments skb refcount
(skb->users) and iucv_sock_recvmsg() does not decrement skb refcount
at exit.
This results in skb memory leak in skb_queue_purge() and WARN_ON in
iucv_sock_destruct() during socket close. To fix this decrease
skb refcount by one if MSG_PEEK is set in order to prevent memory
leak and WARN_ON.
WARNING: CPU: 2 PID: 6292 at net/iucv/af_iucv.c:286 iucv_sock_destruct+0x144/0x1a0 [af_iucv]
CPU: 2 PID: 6292 Comm: afiucv_test_msg Kdump: loaded Tainted: G W 6.10.0-rc7 #1
Hardware name: IBM 3931 A01 704 (z/VM 7.3.0)
Call Trace:
[] iucv_sock_destruct+0x148/0x1a0 [af_iucv]
[] iucv_sock_destruct+0x80/0x1a0 [af_iucv]
[] __sk_destruct+0x52/0x550
[] __sock_release+0xa4/0x230
[] sock_close+0x2c/0x40
[] __fput+0x2e8/0x970
[] task_work_run+0x1c4/0x2c0
[] do_exit+0x996/0x1050
[] do_group_exit+0x13a/0x360
[] __s390x_sys_exit_group+0x56/0x60
[] do_syscall+0x27a/0x380
[] __do_syscall+0x9c/0x160
[] system_call+0x70/0x98
Last Breaking-Event-Address:
[] iucv_sock_destruct+0x84/0x1a0 [af_iucv]
