admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-12 02:04:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-474xx/CVE-2021-47488.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

33 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-47488",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-22T09:15:10.700",
"lastModified": "2024-05-22T12:46:53.887",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: Fix memory leak caused by missing cgroup_bpf_offline\n\nWhen enabling CONFIG_CGROUP_BPF, kmemleak can be observed by running\nthe command as below:\n\n $mount -t cgroup -o none,name=foo cgroup cgroup/\n $umount cgroup/\n\nunreferenced object 0xc3585c40 (size 64):\n comm \"mount\", pid 425, jiffies 4294959825 (age 31.990s)\n hex dump (first 32 bytes):\n 01 00 00 80 84 8c 28 c0 00 00 00 00 00 00 00 00 ......(.........\n 00 00 00 00 00 00 00 00 6c 43 a0 c3 00 00 00 00 ........lC......\n backtrace:\n [<e95a2f9e>] cgroup_bpf_inherit+0x44/0x24c\n [<1f03679c>] cgroup_setup_root+0x174/0x37c\n [<ed4b0ac5>] cgroup1_get_tree+0x2c0/0x4a0\n [<f85b12fd>] vfs_get_tree+0x24/0x108\n [<f55aec5c>] path_mount+0x384/0x988\n [<e2d5e9cd>] do_mount+0x64/0x9c\n [<208c9cfe>] sys_mount+0xfc/0x1f4\n [<06dd06e0>] ret_fast_syscall+0x0/0x48\n [<a8308cb3>] 0xbeb4daa8\n\nThis is because that since the commit 2b0d3d3e4fcf (\"percpu_ref: reduce\nmemory footprint of percpu_ref in fast path\") root_cgrp->bpf.refcnt.data\nis allocated by the function percpu_ref_init in cgroup_bpf_inherit which\nis called by cgroup_setup_root when mounting, but not freed along with\nroot_cgrp when umounting. Adding cgroup_bpf_offline which calls\npercpu_ref_kill to cgroup_kill_sb can free root_cgrp->bpf.refcnt.data in\numount path.\n\nThis patch also fixes the commit 4bfc0bb2c60e (\"bpf: decouple the lifetime\nof cgroup_bpf from cgroup itself\"). A cgroup_bpf_offline is needed to do a\ncleanup that frees the resources which are allocated by cgroup_bpf_inherit\nin cgroup_setup_root.\n\nAnd inside cgroup_bpf_offline, cgroup_get() is at the beginning and\ncgroup_put is at the end of cgroup_bpf_release which is called by\ncgroup_bpf_offline. So cgroup_bpf_offline can keep the balance of\ncgroup's refcount."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: cgroup: corrige la p\u00e9rdida de memoria causada por la falta de cgroup_bpf_offline Al habilitar CONFIG_CGROUP_BPF, se puede observar kmemleak ejecutando el siguiente comando: $mount -t cgroup -o none,name=foo cgroup cgroup / $umount cgroup/ objeto sin referencia 0xc3585c40 (tama\u00f1o 64): comm \"mount\", pid 425, sjiffies 4294959825 (edad 31.990s) volcado hexadecimal (primeros 32 bytes): 01 00 00 80 84 8c 28 c0 00 00 00 00 00 00 00 00 ......(....... 00 00 00 00 00 00 00 00 6c 43 a0 c3 00 00 00 00 ........lC...... retroceso : [] cgroup_bpf_inherit+0x44/0x24c [&lt;1f03679c&gt;] cgroup_setup_root+0x174/0x37c [] cgroup1_get_tree+0x2c0/0x4a0 [] 8 [] ruta_montaje+0x384/ 0x988 [] do_mount+0x64/0x9c [&lt;208c9cfe&gt;] sys_mount+0xfc/0x1f4 [&lt;06dd06e0&gt;] ret_fast_syscall+0x0/0x48 [] 0xbeb4daa8 Esto se debe a que desde El commit 2b0d3d3e4f cf (\"percpu_ref: reducir huella de memoria de percpu_ref en la ruta r\u00e1pida\") root_cgrp-&gt;bpf.refcnt.data es asignada por la funci\u00f3n percpu_ref_init en cgroup_bpf_inherit, que es llamada por cgroup_setup_root al montar, pero no se libera junto con root_cgrp al desmontar. Agregar cgroup_bpf_offline que llama a percpu_ref_kill a cgroup_kill_sb puede liberar root_cgrp-&gt;bpf.refcnt.data en la ruta de montaje. Este parche tambi\u00e9n corrige el commit 4bfc0bb2c60e (\"bpf: desacople la vida \u00fatil de cgroup_bpf del propio cgroup\"). Se necesita cgroup_bpf_offline para realizar una sanitizaci\u00f3n que libere los recursos asignados por cgroup_bpf_inherit en cgroup_setup_root. Y dentro de cgroup_bpf_offline, cgroup_get() est\u00e1 al principio y cgroup_put est\u00e1 al final de cgroup_bpf_release, que es llamado por cgroup_bpf_offline. Entonces cgroup_bpf_offline puede mantener el saldo del recuento de cgroup."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/01599bf7cc2b49c3d2be886cb438647dc25446ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/04f8ef5643bcd8bcde25dfdebef998aea480b2ba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b529f88d93884cf8ccafda793ee3d27b82fa578d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue View Git Blame Copy Permalink