{
  "threat_severity" : "Moderate",
  "public_date" : "2024-07-29T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: sched/deadline: Fix task_struct reference leak",
    "id" : "2300381",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2300381"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-401",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nsched/deadline: Fix task_struct reference leak\nDuring the execution of the following stress test with linux-rt:\nstress-ng --cyclic 30 --timeout 30 --minimize --quiet\nkmemleak frequently reported a memory leak concerning the task_struct:\nunreferenced object 0xffff8881305b8000 (size 16136):\ncomm \"stress-ng\", pid 614, jiffies 4294883961 (age 286.412s)\nobject hex dump (first 32 bytes):\n02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00  .@..............\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\ndebug hex dump (first 16 bytes):\n53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00  S...............\nbacktrace:\n[<00000000046b6790>] dup_task_struct+0x30/0x540\n[<00000000c5ca0f0b>] copy_process+0x3d9/0x50e0\n[<00000000ced59777>] kernel_clone+0xb0/0x770\n[<00000000a50befdc>] __do_sys_clone+0xb6/0xf0\n[<000000001dbf2008>] do_syscall_64+0x5d/0xf0\n[<00000000552900ff>] entry_SYSCALL_64_after_hwframe+0x6e/0x76\nThe issue occurs in start_dl_timer(), which increments the task_struct\nreference count and sets a timer. The timer callback, dl_task_timer,\nis supposed to decrement the reference count upon expiration. However,\nif enqueue_task_dl() is called before the timer expires and cancels it,\nthe reference count is not decremented, leading to the leak.\nThis patch fixes the reference leak by ensuring the task_struct\nreference count is properly decremented when the timer is canceled.", "A vulnerability was found in the Linux kernel's deadline scheduler in the enqueue_task_dl() function, where the reference count is improperly decremented in certain situations, potentially causing a memory leak. This issue can lead to memory exhaustion over time." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-09-24T00:00:00Z",
    "advisory" : "RHSA-2024:7000",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.22.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "release_date" : "2024-11-26T00:00:00Z",
    "advisory" : "RHSA-2024:10262",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.8",
    "package" : "kernel-0:4.18.0-477.81.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-09-18T00:00:00Z",
    "advisory" : "RHSA-2024:6744",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2",
    "package" : "kernel-0:5.14.0-284.84.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-09-18T00:00:00Z",
    "advisory" : "RHSA-2024:6745",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.84.1.rt14.369.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2024-11-13T00:00:00Z",
    "advisory" : "RHSA-2024:9546",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "kernel-0:5.14.0-427.44.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-41023\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41023\nhttps://lore.kernel.org/linux-cve-announce/2024072917-CVE-2024-41023-32a0@gregkh/T" ],
  "name" : "CVE-2024-41023",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}