{
  "threat_severity" : "Moderate",
  "public_date" : "2024-12-02T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: virtio/vsock: Fix accept_queue memory leak",
    "id" : "2329918",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2329918"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-401",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nvirtio/vsock: Fix accept_queue memory leak\nAs the final stages of socket destruction may be delayed, it is possible\nthat virtio_transport_recv_listen() will be called after the accept_queue\nhas been flushed, but before the SOCK_DONE flag has been set. As a result,\nsockets enqueued after the flush would remain unremoved, leading to a\nmemory leak.\nvsock_release\n__vsock_release\nlock\nvirtio_transport_release\nvirtio_transport_close\nschedule_delayed_work(close_work)\nsk_shutdown = SHUTDOWN_MASK\n(!) flush accept_queue\nrelease\nvirtio_transport_recv_pkt\nvsock_find_bound_socket\nlock\nif flag(SOCK_DONE) return\nvirtio_transport_recv_listen\nchild = vsock_create_connected\n(!)   vsock_enqueue_accept(child)\nrelease\nclose_work\nlock\nvirtio_transport_do_close\nset_flag(SOCK_DONE)\nvirtio_transport_remove_sock\nvsock_remove_sock\nvsock_remove_bound\nrelease\nIntroduce a sk_shutdown check to disallow vsock_enqueue_accept() during\nsocket destruction.\nunreferenced object 0xffff888109e3f800 (size 2040):\ncomm \"kworker/5:2\", pid 371, jiffies 4294940105\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00  (..@............\nbacktrace (crc 9e5f4e84):\n[<ffffffff81418ff1>] kmem_cache_alloc_noprof+0x2c1/0x360\n[<ffffffff81d27aa0>] sk_prot_alloc+0x30/0x120\n[<ffffffff81d2b54c>] sk_alloc+0x2c/0x4b0\n[<ffffffff81fe049a>] __vsock_create.constprop.0+0x2a/0x310\n[<ffffffff81fe6d6c>] virtio_transport_recv_pkt+0x4dc/0x9a0\n[<ffffffff81fe745d>] vsock_loopback_work+0xfd/0x140\n[<ffffffff810fc6ac>] process_one_work+0x20c/0x570\n[<ffffffff810fce3f>] worker_thread+0x1bf/0x3a0\n[<ffffffff811070dd>] kthread+0xdd/0x110\n[<ffffffff81044fdd>] ret_from_fork+0x2d/0x50\n[<ffffffff8100785a>] ret_from_fork_asm+0x1a/0x30" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20518",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.5.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20518",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.5.1.el9_7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-53119\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53119\nhttps://lore.kernel.org/linux-cve-announce/2024120251-CVE-2024-53119-4957@gregkh/T" ],
  "name" : "CVE-2024-53119",
  "csaw" : false
}