CVE-2024-53118

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 2, 2024
Updated: Dec 11, 2024
CWE ID 401

Summary

CVE-2024-53118: A memory leak has been identified and fixed in the Linux kernel's vsock subsystem. Kernel queues used for MSG_ZEROCOPY completion notifications were not properly cleaned up when the socket was destroyed. This leaked memory, reported as an unreferenced object of size 224. The object, with a hex dump starting with '90 b0 21 17 81 88 ff ff', was associated with the process 'vsock_test' and the comm '1218'. The leak occurred because an skb object allocated in 'sock_omalloc' was not freed upon socket destruction. The vulnerability was discovered while observing the kernel error queue.
