Bug 2330804 (CVE-2024-12254)

Summary: CVE-2024-12254 python: Unbounded memory buffering in SelectorSocketTransport.writelines()
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: high
Priority: high
Version: unspecified
CC: dfreiber, drow, jburrell, jeder, luizcosta, nweather, rbobbitt, vkumar, zkayyali
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A flaw was found in Python. In certain configurations, the `asyncio._SelectorSocketTransport.writelines()` method fails to signal the protocol to clear the write buffer when it approaches capacity. Because of this, protocols would not periodically drain the write buffer, potentially leading to a denial of service via memory exhaustion.
Bug Depends On: 2330923, 2330924, 2330925, 2330926, 2330927, 2330928

Description OSIDB Bzimport 2024-12-06 16:01:17 UTC
Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer, potentially leading to memory exhaustion.

This vulnerability likely impacts a small number of users: you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using the .writelines() method, which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected.
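
The flow-control contract the description refers to can be checked locally: a socket pair whose peer never reads forces the transport to buffer data past a deliberately small high-water mark, and a correct transport must then have called the protocol's pause_writing() before returning. The following is an added example, not code from the bug report or from CPython; RecordingProtocol, pauses_protocol and the probe sizes are this example's own.

```python
import asyncio
import socket

# Constructed probe parameters: a deliberately small high-water mark and far more
# payload than a kernel socket buffer absorbs, so data must stay in the transport.
HIGH_WATER = 64 * 1024
CHUNK = b"x" * (64 * 1024)
N_CHUNKS = 256                      # 16 MiB in total

class RecordingProtocol(asyncio.Protocol):
    """Records whether the transport ever signalled pause_writing()."""
    def __init__(self):
        self.paused = False

    def pause_writing(self):
        self.paused = True

async def _probe(use_writelines):
    loop = asyncio.get_running_loop()
    ours, peer = socket.socketpair()   # `peer` is never read, so the send buffer fills up
    transport, proto = await loop.create_connection(RecordingProtocol, sock=ours)
    try:
        transport.set_write_buffer_limits(high=HIGH_WATER)
        chunks = [CHUNK] * N_CHUNKS
        if use_writelines:
            transport.writelines(chunks)
        else:
            for chunk in chunks:
                transport.write(chunk)
        # pause_writing() is invoked synchronously from the write path, so by now it has
        # either happened or been skipped (the CVE-2024-12254 behaviour for writelines()).
        if transport.get_write_buffer_size() <= HIGH_WATER:
            raise RuntimeError("probe inconclusive: buffer never exceeded the high-water mark")
        return proto.paused
    finally:
        transport.abort()              # drop the buffered data without flushing it
        await asyncio.sleep(0)         # let connection_lost() run and close `ours`
        peer.close()

def pauses_protocol(use_writelines):
    """True if the transport asked the protocol to pause after exceeding the high-water mark."""
    return asyncio.run(_probe(use_writelines))

if __name__ == "__main__":
    print("write():      pause_writing called =", pauses_protocol(False))
    print("writelines(): pause_writing called =", pauses_protocol(True))
```

On an affected interpreter the writelines() probe reports False while the write() probe still reports True; on an unaffected build both report True.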

Comment 2 errata-xmlrpc 2024-12-12 08:38:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:10978 https://access.redhat.com/errata/RHSA-2024:10978

Comment 3 errata-xmlrpc 2024-12-12 08:50:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:10980 https://access.redhat.com/errata/RHSA-2024:10980

Comment 4 errata-xmlrpc 2024-12-13 09:15:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2024:11035 https://access.redhat.com/errata/RHSA-2024:11035