{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-53119","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-11-19T17:17:24.994Z","datePublished":"2024-12-02T13:44:50.438Z","dateUpdated":"2025-11-03T22:29:24.570Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T13:00:27.334Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio/vsock: Fix accept_queue memory leak\n\nAs the final stages of socket destruction may be delayed, it is possible\nthat virtio_transport_recv_listen() will be called after the accept_queue\nhas been flushed, but before the SOCK_DONE flag has been set. As a result,\nsockets enqueued after the flush would remain unremoved, leading to a\nmemory leak.\n\nvsock_release\n  __vsock_release\n    lock\n    virtio_transport_release\n      virtio_transport_close\n        schedule_delayed_work(close_work)\n    sk_shutdown = SHUTDOWN_MASK\n(!) flush accept_queue\n    release\n                                        virtio_transport_recv_pkt\n                                          vsock_find_bound_socket\n                                          lock\n                                          if flag(SOCK_DONE) return\n                                          virtio_transport_recv_listen\n                                            child = vsock_create_connected\n                                      (!)   vsock_enqueue_accept(child)\n                                          release\nclose_work\n  lock\n  virtio_transport_do_close\n    set_flag(SOCK_DONE)\n    virtio_transport_remove_sock\n      vsock_remove_sock\n        vsock_remove_bound\n  release\n\nIntroduce a sk_shutdown check to disallow vsock_enqueue_accept() during\nsocket destruction.\n\nunreferenced object 0xffff888109e3f800 (size 2040):\n  comm \"kworker/5:2\", pid 371, jiffies 4294940105\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00  (..@............\n  backtrace (crc 9e5f4e84):\n    [<ffffffff81418ff1>] kmem_cache_alloc_noprof+0x2c1/0x360\n    [<ffffffff81d27aa0>] sk_prot_alloc+0x30/0x120\n    [<ffffffff81d2b54c>] sk_alloc+0x2c/0x4b0\n    [<ffffffff81fe049a>] __vsock_create.constprop.0+0x2a/0x310\n    [<ffffffff81fe6d6c>] virtio_transport_recv_pkt+0x4dc/0x9a0\n    [<ffffffff81fe745d>] vsock_loopback_work+0xfd/0x140\n    [<ffffffff810fc6ac>] process_one_work+0x20c/0x570\n    [<ffffffff810fce3f>] worker_thread+0x1bf/0x3a0\n    [<ffffffff811070dd>] kthread+0xdd/0x110\n    [<ffffffff81044fdd>] ret_from_fork+0x2d/0x50\n    [<ffffffff8100785a>] ret_from_fork_asm+0x1a/0x30"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/vmw_vsock/virtio_transport_common.c"],"versions":[{"version":"3fe356d58efae54dade9ec94ea7c919ed20cf4db","lessThan":"e26fa236758e8baa61a82cfd9fd4388d2e8d6a4c","status":"affected","versionType":"git"},{"version":"3fe356d58efae54dade9ec94ea7c919ed20cf4db","lessThan":"4310902c766e371359e6c6311056ae80b5beeac9","status":"affected","versionType":"git"},{"version":"3fe356d58efae54dade9ec94ea7c919ed20cf4db","lessThan":"946c7600fa2207cc8d3fbc86a518ec56f98a5813","status":"affected","versionType":"git"},{"version":"3fe356d58efae54dade9ec94ea7c919ed20cf4db","lessThan":"897617a413e0bf1c6380e3b34b2f28f450508549","status":"affected","versionType":"git"},{"version":"3fe356d58efae54dade9ec94ea7c919ed20cf4db","lessThan":"2415345042245de7601dcc6eafdbe3a3dcc9e379","status":"affected","versionType":"git"},{"version":"3fe356d58efae54dade9ec94ea7c919ed20cf4db","lessThan":"d7b0ff5a866724c3ad21f2628c22a63336deec3f","status":"affected","versionType":"git"},{"version":"2e7dd95046203bd05e8f4dc06ee53cace70a8e3c","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/vmw_vsock/virtio_transport_common.c"],"versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","status":"unaffected","versionType":"semver"},{"version":"5.10.232","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.175","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.119","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.63","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.11.10","lessThanOrEqual":"6.11.*","status":"unaffected","versionType":"semver"},{"version":"6.12","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.10.232"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.15.175"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.1.119"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.6.63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.11.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e26fa236758e8baa61a82cfd9fd4388d2e8d6a4c"},{"url":"https://git.kernel.org/stable/c/4310902c766e371359e6c6311056ae80b5beeac9"},{"url":"https://git.kernel.org/stable/c/946c7600fa2207cc8d3fbc86a518ec56f98a5813"},{"url":"https://git.kernel.org/stable/c/897617a413e0bf1c6380e3b34b2f28f450508549"},{"url":"https://git.kernel.org/stable/c/2415345042245de7601dcc6eafdbe3a3dcc9e379"},{"url":"https://git.kernel.org/stable/c/d7b0ff5a866724c3ad21f2628c22a63336deec3f"}],"title":"virtio/vsock: Fix accept_queue memory leak","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:29:24.570Z"}}]}}