CVE ID : CVE-2023-53136
Published : May 2, 2025, 4:15 p.m. | 34 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
af_unix: fix struct pid leaks in OOB support
syzbot reported struct pid leak [1].
Issue is that queue_oob() calls maybe_add_creds() which potentially
holds a reference on a pid.
But skb->destructor is not set (either directly or by calling
unix_scm_to_skb())
This means that subsequent kfree_skb() or consume_skb() would leak
this reference.
In this fix, I chose to fully support scm even for the OOB message.
[1]
BUG: memory leak
unreferenced object 0xffff8881053e7f80 (size 128):
comm “syz-executor242”, pid 5066, jiffies 4294946079 (age 13.220s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …………….
backtrace:
[] alloc_pid+0x6a/0x560 kernel/pid.c:180
[] copy_process+0x169f/0x26c0 kernel/fork.c:2285
[] kernel_clone+0xf7/0x610 kernel/fork.c:2684
[] __do_sys_clone+0x7c/0xb0 kernel/fork.c:2825
[] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
[] entry_SYSCALL_64_after_hwframe+0x63/0xcd
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
