CVE-2023-52560: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions()
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/vaddr-test: fix memory leak in damondotestapplythreeregions()
The Linux kernel CVE team has assigned CVE-2023-52560 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024030252-CVE-2023-52560-c3de@gregkh/T/#u
Other sources
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/vaddr-test: fix memory leak in damondotestapplythreeregions()
When CONFIGDAMONVADDRKUNITTEST=y and making CONFIGDEBUGKMEMLEAK=y and CONFIGDEBUGKMEMLEAKAUTOSCAN=y, the below memory leak is detected.
Since commit 9f86d624292c ("mm/damon/vaddr-test: remove unnecessary variables"), the damondestroyctx() is removed, but still call damonnewtarget() and damonnewregion(), the damonregion which is allocated by kmemcachealloc() in damonnewregion() and the damontarget which is allocated by kmalloc in damonnewtarget() are not freed. And the damonregion which is allocated in damonnewregion() in damonsetregions() is also not freed.
So use damondestroytarget to free all the damonregions and damontarget.
unreferenced object 0xffff888107c9a940 (size 64): comm "kunittrycatch", pid 1069, jiffies 4294670592 (age 732.761s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk 60 c7 9c 07 81 88 ff ff f8 cb 9c 07 81 88 ff ff ............... backtrace: [] kmalloctrace+0x27/0xa0 [] damonnewtarget+0x3f/0x1b0 [] damondotestapplythreeregions.constprop.0+0x95/0x3e0 [] damontestapplythreeregions1+0x21e/0x260 [] kunitgenericrunthreadfnadapter+0x4a/0x90 [] kthread+0x2b6/0x380 [] retfromfork+0x2d/0x70 [] retfromforkasm+0x11/0x20 unreferenced object 0xffff8881079cc740 (size 56): comm "kunittrycatch", pid 1069, jiffies 4294670592 (age 732.761s) hex dump (first 32 bytes): 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [] damonnewregion+0x22/0x1c0 [] damondotestapplythreeregions.constprop.0+0xd1/0x3e0 [] damontestapplythreeregions1+0x21e/0x260 [] kunitgenericrunthreadfnadapter+0x4a/0x90 [] kthread+0x2b6/0x380 [] retfromfork+0x2d/0x70 [] retfromforkasm+0x11/0x20 unreferenced object 0xffff888107c9ac40 (size 64): comm "kunittrycatch", pid 1071, jiffies 4294670595 (age 732.843s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk a0 cc 9c 07 81 88 ff ff 78 a1 76 07 81 88 ff ff ........x.v..... backtrace: [] kmalloctrace+0x27/0xa0 [] damonnewtarget+0x3f/0x1b0 [] damondotestapplythreeregions.constprop.0+0x95/0x3e0 [] damontestapplythreeregions2+0x21e/0x260 [] kunitgenericrunthreadfnadapter+0x4a/0x90 [] kthread+0x2b6/0x380 [] retfromfork+0x2d/0x70 [] retfromforkasm+0x11/0x20 unreferenced object 0xffff8881079ccc80 (size 56): comm "kunittrycatch", pid 1071, jiffies 4294670595 (age 732.843s) hex dump (first 32 bytes): 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [] damonnewregion+0x22/0x1c0 [] damondotestapplythreeregions.constprop.0+0xd1/0x3e0 [] damontestapplythreeregions2+0x21e/0x260 [] kunitgenericrunthreadfnadapter+0x4a/0x90 [] kthread+0x2b6/0x380 [] retfromfork+0x2d/0x70 [
— IBM
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/vaddr-test: fix memory leak in damondotestapplythreeregions()
When CONFIGDAMONVADDRKUNITTEST=y and making CONFIGDEBUGKMEMLEAK=y and CONFIGDEBUGKMEMLEAKAUTOSCAN=y, the below memory leak is detected.
Since commit 9f86d624292c ("mm/damon/vaddr-test: remove unnecessary variables"), the damondestroyctx() is removed, but still call damonnewtarget() and damonnewregion(), the damonregion which is allocated by kmemcachealloc() in damonnewregion() and the damontarget which is allocated by kmalloc in damonnewtarget() are not freed. And the damonregion which is allocated in damonnewregion() in damonsetregions() is also not freed.
So use damondestroytarget to free all the damonregions and damontarget.
unreferenced object 0xffff888107c9a940 (size 64): comm "kunittrycatch", pid 1069, jiffies 4294670592 (age 732.761s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk 60 c7 9c 07 81 88 ff ff f8 cb 9c 07 81 88 ff ff ............... backtrace: [<ffffffff817e0167>] kmalloctrace+0x27/0xa0 [<ffffffff819c11cf>] damonnewtarget+0x3f/0x1b0 [<ffffffff819c7d55>] damondotestapplythreeregions.constprop.0+0x95/0x3e0 [<ffffffff819c82be>] damontestapplythreeregions1+0x21e/0x260 [<ffffffff829fce6a>] kunitgenericrunthreadfnadapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] retfromfork+0x2d/0x70 [<ffffffff81003791>] retfromforkasm+0x11/0x20 unreferenced object 0xffff8881079cc740 (size 56): comm "kunittrycatch", pid 1069, jiffies 4294670592 (age 732.761s) hex dump (first 32 bytes): 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [<ffffffff819bc492>] damonnewregion+0x22/0x1c0 [<ffffffff819c7d91>] damondotestapplythreeregions.constprop.0+0xd1/0x3e0 [<ffffffff819c82be>] damontestapplythreeregions1+0x21e/0x260 [<ffffffff829fce6a>] kunitgenericrunthreadfnadapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] retfromfork+0x2d/0x70 [<ffffffff81003791>] retfromforkasm+0x11/0x20 unreferenced object 0xffff888107c9ac40 (size 64): comm "kunittrycatch", pid 1071, jiffies 4294670595 (age 732.843s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk a0 cc 9c 07 81 88 ff ff 78 a1 76 07 81 88 ff ff ........x.v..... backtrace: [<ffffffff817e0167>] kmalloctrace+0x27/0xa0 [<ffffffff819c11cf>] damonnewtarget+0x3f/0x1b0 [<ffffffff819c7d55>] damondotestapplythreeregions.constprop.0+0x95/0x3e0 [<ffffffff819c851e>] damontestapplythreeregions2+0x21e/0x260 [<ffffffff829fce6a>] kunitgenericrunthreadfnadapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] retfromfork+0x2d/0x70 [<ffffffff81003791>] retfromforkasm+0x11/0x20 unreferenced object 0xffff8881079ccc80 (size 56): comm "kunittrycatch", pid 1071, jiffies 4294670595 (age 732.843s) hex dump (first 32 bytes): 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [<ffffffff819bc492>] damonnewregion+0x22/0x1c0 [<ffffffff819c7d91>] damondotestapplythreeregions.constprop.0+0xd1/0x3e0 [<ffffffff819c851e>] damontestapplythreeregions2+0x21e/0x260 [<ffffffff829fce6a>] kunitgenericrunthreadfnadapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] retfromfork+0x2d/0x70 [<ffff ---truncated---
— NVD
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2023-52560?
CVE-2023-52560 does not have a commonly assigned severity rating, but it pertains to a memory leak issue in the Linux kernel.
How do I fix CVE-2023-52560?
To fix CVE-2023-52560, upgrade to the appropriate kernel versions 6.1.56, 6.5.6, or 6.6 as specified by your distribution.
Which Linux kernel versions are affected by CVE-2023-52560?
CVE-2023-52560 affects Linux kernel versions from 5.16 up to 6.1.56, 6.2 to 6.5.6, and specific release candidates of 6.6.
Is there a workaround for CVE-2023-52560 if I can't upgrade?
Currently, there is no documented workaround for CVE-2023-52560; upgrading the kernel is recommended for protection.
How was CVE-2023-52560 discovered?
CVE-2023-52560 was discovered as part of ongoing maintenance and security assessments conducted by the Linux kernel CVE team.