Bug 2257968 (CVE-2024-0443)

Summary: CVE-2024-0443 kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline.
Product: [Other] Security Response
Reporter: Rohit Keshri <rkeshri>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: acaringi, allarkin, bhu, chwhite, cye, cyin, dbohanno, debarbos, dfreiber, drow, dvlasenk, ezulian, hkrzesin, jarod, jburrell, jdenham, jfaracco, jforbes, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, ldoskova, lgoncalv, lzampier, mmilgram, mstowell, nmurray, ptalbert, rparrazo, rrobaina, rvrbovsk, rysulliv, scweaver, tglozar, tyberry, vkumar, wcosta, williams, wmealing, ycote, ykopkova, zhijwang
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with local access to cause system instability, such as an out of memory error.
Bug Depends On: 2208904, 2208905, 2220810, 2220811, 2238721, 2257970    
Bug Blocks: 2257966    

Description Rohit Keshri 2024-01-11 20:41:57 UTC
A cgroup blkio memory leakage problem was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel. In this flaw, an attacker with local access may cause system instability, such as out of memory.

Refer:
https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com/

Comment 1 Rohit Keshri 2024-01-11 20:45:04 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2257970]

Comment 15 Justin M. Forbes 2024-01-15 19:11:10 UTC
This was fixed for Fedora with the 6.3.9 stable kernel updates.
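
A host-side check for the symptom the Doc Text describes (cgroups that are made offline but never freed), written as an added example; it is not code from this bug or from the kernel. It assumes cgroup v2 mounted at /sys/fs/cgroup, where cgroup.stat counts removed-but-still-referenced cgroups as nr_dying_descendants; the min_growth threshold and the sample reading are constructed for illustration.

```python
"""Added example: watch cgroup v2 for removed cgroups that are never freed."""
from pathlib import Path

CGROUP_ROOT = Path("/sys/fs/cgroup")  # assumption: cgroup v2 is mounted here


def parse_cgroup_stat(text):
    """Parse the flat 'key value' lines of a cgroup v2 cgroup.stat file."""
    stats = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():
            stats[parts[0]] = int(parts[1])
    return stats


def read_dying(root=CGROUP_ROOT):
    """Return nr_dying_descendants for the hierarchy rooted at `root`."""
    stats = parse_cgroup_stat((root / "cgroup.stat").read_text())
    return stats.get("nr_dying_descendants", 0)


def leak_suspected(samples, min_growth=100):
    """Flag a series of nr_dying_descendants readings that only accumulates.

    On a healthy host the count rises when cgroups are removed and falls again
    once their last references are dropped. A count that never decreases over
    the window and has grown by at least `min_growth` (hypothetical threshold,
    tune per workload) is consistent with offline cgroups staying pinned.
    """
    if len(samples) < 3:
        return False
    never_drops = all(b >= a for a, b in zip(samples, samples[1:]))
    return never_drops and samples[-1] - samples[0] >= min_growth


# Constructed sample of one cgroup.stat reading (not taken from a real host).
SAMPLE_STAT = "nr_descendants 42\nnr_dying_descendants 1873\n"

if __name__ == "__main__":
    print("sample parse:", parse_cgroup_stat(SAMPLE_STAT))
    try:
        print("nr_dying_descendants now:", read_dying())
    except OSError as exc:  # cgroup v1 host, or a container without the mount
        print("cgroup.stat not readable:", exc)
```

Other controllers can also keep removed cgroups alive for a while, so a positive result is a reason to check the running kernel against the fixed version, not proof of this bug.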