CVE-2024-56553

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-56553
In the Linux kernel, the following vulnerability has been resolved: binder: fix memleak of proc->delivered_freeze If a freeze notification is cleared with BC_CLEAR_FREEZE_NOTIFICATION before calling binder_freeze_notification_done(), then it is detached from its reference (e.g. ref->freeze) but the work remains queued in proc->delivered_freeze. This leads to a memory leak when the process exits as any pending entries in proc->delivered_freeze are not freed: unreferenced object 0xffff38e8cfa36180 (size 64): comm "binder-util", pid 655, jiffies 4294936641 hex dump (first 32 bytes): b8 e9 9e c8 e8 38 ff ff b8 e9 9e c8 e8 38 ff ff .....8.......8.. 0b 00 00 00 00 00 00 00 3c 1f 4b 00 00 00 00 00 ........<.K..... backtrace (crc 95983b32): [<000000000d0582cf>] kmemleak_alloc+0x34/0x40 [<000000009c99a513>] __kmalloc_cache_noprof+0x208/0x280 [<00000000313b1704>] binder_thread_write+0xdec/0x439c [<000000000cbd33bb>] binder_ioctl+0x1b68/0x22cc [<000000002bbedeeb>] __arm64_sys_ioctl+0x124/0x190 [<00000000b439adee>] invoke_syscall+0x6c/0x254 [<00000000173558fc>] el0_svc_common.constprop.0+0xac/0x230 [<0000000084f72311>] do_el0_svc+0x40/0x58 [<000000008b872457>] el0_svc+0x38/0x78 [<00000000ee778653>] el0t_64_sync_handler+0x120/0x12c [<00000000a8ec61bf>] el0t_64_sync+0x190/0x194 This patch fixes the leak by ensuring that any pending entries in proc->delivered_freeze are freed during binder_deferred_release().

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/1db76ec2b4b206ff943e292a0b55e68ff3443598 Patch
https://git.kernel.org/stable/c/b8b77712142fb146fe18d2253bc8a798d522e427 Patch
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

15 Jan 2025, 18:35

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
First Time Linux linux Kernel
Linux
CWE CWE-401
References () https://git.kernel.org/stable/c/1db76ec2b4b206ff943e292a0b55e68ff3443598 - () https://git.kernel.org/stable/c/1db76ec2b4b206ff943e292a0b55e68ff3443598 - Patch
References () https://git.kernel.org/stable/c/b8b77712142fb146fe18d2253bc8a798d522e427 - () https://git.kernel.org/stable/c/b8b77712142fb146fe18d2253bc8a798d522e427 - Patch
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: binder: corrige pérdida de memoria de proc-&gt;delivered_freeze Si se borra una notificación de congelamiento con BC_CLEAR_FREEZE_NOTIFICATION antes de llamar a binder_freeze_notification_done(), entonces se separa de su referencia (por ejemplo, ref-&gt;freeze) pero el trabajo permanece en cola en proc-&gt;delivered_freeze. Esto genera una pérdida de memoria cuando el proceso finaliza, ya que no se liberan las entradas pendientes en proc-&gt;delivered_freeze: objeto sin referencia 0xffff38e8cfa36180 (tamaño 64): comm "binder-util", pid 655, jiffies 4294936641 volcado hexadecimal (primeros 32 bytes): b8 e9 9e c8 e8 38 ff ff b8 e9 9e c8 e8 38 ff ff .....8.......8.. 0b 00 00 00 00 00 00 00 3c 1f 4b 00 00 00 00 00 ........&lt;.K..... backtrace (crc 95983b32): [&lt;000000000d0582cf&gt;] kmemleak_alloc+0x34/0x40 [&lt;000000009c99a513&gt;] __kmalloc_cache_noprof+0x208/0x280 [&lt;00000000313b1704&gt;] binder_thread_write+0xdec/0x439c [&lt;000000000cbd33bb&gt;] binder_ioctl+0x1b68/0x22cc [&lt;000000002bbedeeb&gt;] __arm64_sys_ioctl+0x124/0x190 [&lt;00000000b439adee&gt;] invocar_syscall+0x6c/0x254 [&lt;00000000173558fc&gt;] Este parche corrige la fuga al garantizar que todas las entradas pendientes en proc-&gt;delivered_freeze se liberen durante binder_deferred_release().

27 Dec 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-27 15:15

Updated : 2025-04-17 21:15

NVD link : CVE-2024-56553

Mitre link : CVE-2024-56553

CVE.ORG link : CVE-2024-56553

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-401

Missing Release of Memory after Effective Lifetime