Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-0443

Опубликовано: 12 янв. 2024
Источник: nvd
CVSS3: 5.5
EPSS Низкий

Описание

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.2 (включая) до 6.4 (исключая)
cpe:2.3:o:linux:linux_kernel:6.4:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.4:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.4:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.4:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.4:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.4:rc6:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

EPSS

Процентиль: 2%
0.00013
Низкий

5.5 Medium

CVSS3

Дефекты

CWE-402
CWE-668

Связанные уязвимости

ubuntu логотип

CVE-2024-0443

CVSS3: 5.5
ubuntu
около 2 лет назад

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.

redhat логотип

CVE-2024-0443

CVSS3: 5.5
redhat
около 2 лет назад

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.

debian логотип

CVE-2024-0443

CVSS3: 5.5
debian
около 2 лет назад

A flaw was found in the blkgs destruction path in block/blk-cgroup.c i ...

github логотип

GHSA-rqh4-x2v7-j34g

CVSS3: 5.5
github
около 2 лет назад

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.

fstec логотип

BDU:2024-00379

CVSS3: 5.5
fstec
около 2 лет назад

Уязвимость функции blkcg_destroy_blkgs() (block/blk-cgroup.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 2%
0.00013
Низкий

5.5 Medium

CVSS3

Дефекты

CWE-402
CWE-668