1218767 – (CVE-2024-0443) VUL-0: CVE-2024-0443: kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline.

Bug 1218767 (CVE-2024-0443) - VUL-0: CVE-2024-0443: kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline.

Summary: VUL-0: CVE-2024-0443: kernel: blkio memory leakage due to blkcg and some blkg...

Status:	RESOLVED UPSTREAM

Alias:	CVE-2024-0443

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Minor
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/390914/
Whiteboard:	CVSSv3.1:SUSE:CVE-2024-0443:3.3:(AV:L...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-01-12 14:28 UTC by SMASH SMASH
Modified:	2024-02-09 14:41 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-01-12 14:28:50 UTC

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0443
https://bugzilla.redhat.com/show_bug.cgi?id=2257968
https://access.redhat.com/security/cve/CVE-2024-0443
https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com/
https://www.cve.org/CVERecord?id=CVE-2024-0443

Comment 1 Jan Kara 2024-02-01 18:29:16 UTC

I guess I'm as good as it gets for this bug...

Comment 2 Marcus Meissner 2024-02-08 16:43:44 UTC

fixes is in 6.2+

assuming older kernels not affected.

Comment 3 Marcus Meissner 2024-02-08 16:44:20 UTC

15-SP6
ALP

affected

Comment 4 Jan Kara 2024-02-08 18:01:40 UTC

Yes, the problem as apparently introduced by commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()") in 6.2 and the referenced patch has eventually materialized as 20cb1c2fb756 ("blk-cgroup: Flush stats before releasing blkcg_gq") going into 6.4-rc7. So I don't think any of our kernels is actually affected. Reassigning back to security team.

Comment 5 Marcus Meissner 2024-02-09 14:41:52 UTC

fixed