CVE-2021-20265: git/torvalds/linux.git - Linux kernel source tree
A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.
author: Eric Dumazet [email protected], 2016-01-24 13:53:50 -0800
committer: David S. Miller [email protected], 2016-01-24 22:04:49 -0800
commit: fa0dc04df259ba2df3ce1920e9690c7842f8fa4b
tree: de00379849c3284fd3cd1cd7359792dd741305ef
parent: 4877be9019baaf1432f9117bff4873e4ad518d91
af_unix: fix struct pid memory leak
Dmitry reported a struct pid leak detected by a syzkaller program.
Bug happens in unix_stream_recvmsg() when we break the loop when a signal is pending, without properly releasing scm.
Fixes: b3ca9b02b007 (“net: fix multithreaded signal handling in unix recv routines”)
Reported-by: Dmitry Vyukov [email protected]
Signed-off-by: Eric Dumazet [email protected]
Cc: Rainer Weikusat [email protected]
Signed-off-by: David S. Miller [email protected]
-rw-r--r-- net/unix/af_unix.c 1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index c5bf5ef2bf894…49d5093eb0553 100644
— a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -2339,6 +2339,7 @@ again:
if (signal_pending(current)) {
err = sock_intr_errno(timeo);
+ scm_destroy(&scm);
goto out;
}
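Review bot: The release is open-coded in the signal_pending(current) branch, directly before `goto out;`, which means the `out` label itself does not drop the scm reference and every other jump to `out` taken after scm has been populated has to remember the same call. Only this one branch is visible in the hunk, so the remaining `goto out` sites in this function should be audited for the same omission, or the cleanup moved to a dedicated label (for example a label placed just before `out` that calls `scm_destroy(&scm);`) so a later early exit cannot reintroduce the leak. A one-line comment on the added call saying that scm holds a struct pid reference at this point would also make the reason for the call clear to the next reader, since the commit message is the only place that currently explains it.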