CVE-2021-47024
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-47024
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47024.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-47024
- Related
- Published
- 2024-02-28T09:15:39Z
- Modified
- 2024-09-18T01:00:22Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: free queued packets when closing socket
As reported by syzbot [1], there is a memory leak while closing the socket. We partially solved this issue with commit ac03046ece2b ("vsock/virtio: free packets during the socket release"), but we forgot to drain the RX queue when the socket is definitely closed by the scheduled work.
To avoid future issues, let's use the new virtiotransportremovesock() to drain the RX queue before removing the socket from the afvsock lists calling vsockremovesock().
[1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9
- References
-
- https://git.kernel.org/stable/c/27691665145e74a45034a9dccf1150cf1894763a
- https://git.kernel.org/stable/c/37c38674ef2f8d7e8629e5d433c37d6c1273d16b
- https://git.kernel.org/stable/c/8432b8114957235f42e070a16118a7f750de9d39
- https://git.kernel.org/stable/c/b605673b523fe33abeafb2136759bcbc9c1e6ebf
- https://security-tracker.debian.org/tracker/CVE-2021-47024
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source