CVE-2024-53119

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published: Dec 2, 2024
Updated: Dec 19, 2024
CWE ID: 401

Summary

CVE-2024-53119: A memory leak vulnerability was identified in the Linux kernel's virtio/vsock subsystem. During socket destruction, if virtio_transport_recv_listen() is called after the accept_queue has been flushed but before the SOCK_DONE flag has been set, new sockets could be enqueued and never removed, leading to a memory leak. To address this issue, a check has been introduced that prevents vsock_enqueue_accept() from being called during socket destruction. The leak was reported as an unreferenced object of size 2040, with a hex dump and backtrace provided in the log.
