CVE-2024-0443 - Exposure of Resource to Wrong Sphere

Severity

55%

Complexity

18%

Confidentiality

60%

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.

CVSS 3.1 Base Score 5.5. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Overview

Type

Linux

First reported 1 year ago

2024-01-12 00:15:00

Last updated 3 months ago

2024-11-21 08:46:00

Affected Software

Linux Kernel

Red Hat Enterprise Linux 8.0

8.0

References

https://access.redhat.com/security/cve/CVE-2024-0443

RHBZ#2257968

https://lore.kernel.org/linux-block/[email protected]/

RHSA-2023:7077

https://access.redhat.com/security/cve/CVE-2024-0443

Third Party Advisory

RHBZ#2257968

Issue Tracking, Third Party Advisory

https://lore.kernel.org/linux-block/[email protected]/

Mailing List

RHSA-2023:7077

Third Party Advisory

RHSA-2023:6583

RHSA-2023:7370

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.