CVE-2021-47024

UNKNOWN

Published 2024-02-28T08:13:36.489Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-47024. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: free queued packets when closing socket

As reported by syzbot [1], there is a memory leak while closing the
socket. We partially solved this issue with commit ac03046ece2b
("vsock/virtio: free packets during the socket release"), but we
forgot to drain the RX queue when the socket is definitely closed by
the scheduled work.

To avoid future issues, let's use the new virtio_transport_remove_sock()
to drain the RX queue before removing the socket from the af_vsock lists
calling vsock_remove_sock().

[1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

ac03046ece2b158ebd204dfc4896fd9f39f0e6c8 ac03046ece2b158ebd204dfc4896fd9f39f0e6c8 ac03046ece2b158ebd204dfc4896fd9f39f0e6c8 ac03046ece2b158ebd204dfc4896fd9f39f0e6c8 4ea082cd3c400cd5bb36a7beb7e441bf3e29350d 4e539fa2dec4db3405e47002f2878aa4a99eb68b 4af8a327aeba102aaa9b78f3451f725bc590b237 51adb8ebe8c1d80528fc2ea863cfea9d32d2c52b 7d29c9ad0ed525c1b10e29cfca4fb1eece1e93fb

Linux

Affected Versions:

5.2 0 5.10.37 5.11.21 5.12.4 5.13

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-wwcj-mm94-5r39

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket As reported by syzbot [1], there is a memory leak while closing the socket. We partially solved this issue with commit ac03046ece2b ("vsock/virtio: free packets during the socket release"), but we forgot to drain the RX queue when the socket is definitely closed by the scheduled work. To avoid future issues, let's use the new virtio_transport_remove_sock() to drain the RX queue before removing the socket from the af_vsock lists calling vsock_remove_sock(). [1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-47024

WEB https://git.kernel.org/stable/c/27691665145e74a45034a9dccf1150cf1894763a

WEB https://git.kernel.org/stable/c/37c38674ef2f8d7e8629e5d433c37d6c1273d16b

WEB https://git.kernel.org/stable/c/8432b8114957235f42e070a16118a7f750de9d39

WEB https://git.kernel.org/stable/c/b605673b523fe33abeafb2136759bcbc9c1e6ebf

Advisory provided by GitHub Security Advisory Database. Published: February 28, 2024, Modified: December 6, 2024

References

https://git.kernel.org/stable/c/b605673b523fe33abeafb2136759bcbc9c1e6ebf

https://git.kernel.org/stable/c/27691665145e74a45034a9dccf1150cf1894763a

https://git.kernel.org/stable/c/37c38674ef2f8d7e8629e5d433c37d6c1273d16b

https://git.kernel.org/stable/c/8432b8114957235f42e070a16118a7f750de9d39

Published: 2024-02-28T08:13:36.489Z

Last Modified: 2025-05-04T12:40:56.582Z

Copied to clipboard!

CVE-2021-47024

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Linux

Affected Versions:

Linux

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!