Bug 2049700 (CVE-2022-0480) - CVE-2022-0480 kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion
Summary: CVE-2022-0480 kernel: memcg does not limit the number of POSIX file locks all...
Keywords:
Status: NEW
Alias: CVE-2022-0480
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2049708 2051677 2051678 2066600 2066601 2209993 2209994 2209995 2209996 2209997 2209998
Blocks: 2040774 2049704
TreeView+ depends on / blocked
 
Reported: 2022-02-02 14:56 UTC by Guilherme de Almeida Suckevicz
Modified: 2024-05-02 22:49 UTC (History)
44 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:2634 0 None None None 2024-05-01 01:21:43 UTC
Red Hat Product Errata RHBA-2024:2650 0 None None None 2024-05-02 00:14:31 UTC
Red Hat Product Errata RHBA-2024:2686 0 None None None 2024-05-02 22:49:39 UTC
Red Hat Product Errata RHSA-2024:1250 0 None None None 2024-03-12 00:43:01 UTC
Red Hat Product Errata RHSA-2024:1303 0 None None None 2024-03-13 00:13:28 UTC
Red Hat Product Errata RHSA-2024:1304 0 None None None 2024-03-13 00:21:49 UTC
Red Hat Product Errata RHSA-2024:1306 0 None None None 2024-03-13 09:07:55 UTC
Red Hat Product Errata RHSA-2024:2394 0 None None None 2024-04-30 10:07:40 UTC

Description Guilherme de Almeida Suckevicz 2022-02-02 14:56:23 UTC 
A flaw was found in filelock_init in fs/locks.c in the Linux kernel. In this flaw, A host memory exhaustion is possible because memcg does not limit the number of POSIX file locks.

Reference:
https://github.com/kata-containers/kata-containers/issues/3373
https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/
Comment 1 Guilherme de Almeida Suckevicz 2022-02-02 15:01:06 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2049708]
Comment 4 juneau 2022-02-08 12:54:43 UTC 
Marking Services notaffected per kernel analysis.
Comment 5 Justin M. Forbes 2022-02-10 22:03:42 UTC 
This was fixed for Fedora with the 5.15.x stable kernel rebases.
Comment 6 Rohit Keshri 2022-03-20 18:39:20 UTC 
Upstream has revered the fix with the following details:
***
commit 3754707bcc3e190e5dadc978d172b61e809cb3bd
Author: Linus Torvalds <torvalds>
Date:   Tue Sep 7 11:21:48 2021 -0700

    Revert "memcg: enable accounting for file lock caches"
    
    This reverts commit 0f12156dff2862ac54235fc72703f18770769042.
    
    The kernel test robot reports a sizeable performance regression for this
    commit, and while it clearly does the rigth thing in theory, we'll need
    to look at just how to avoid or minimize the performance overhead of the
    memcg accounting.
    
    People already have suggestions on how to do that, but it's "future
    work".
    
    So revert it for now.
    
    Link: https://lore.kernel.org/lkml/20210907150757.GE17617@xsang-OptiPlex-9020/
    Acked-by: Jens Axboe <axboe>
    Acked-by: Shakeel Butt <shakeelb>
    Acked-by: Roman Gushchin <guro>
    Cc: Tejun Heo <tj>
    Signed-off-by: Linus Torvalds <torvalds>
***
Comment 22 errata-xmlrpc 2024-03-12 00:42:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1250 https://access.redhat.com/errata/RHSA-2024:1250
Comment 23 errata-xmlrpc 2024-03-13 00:13:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:1303 https://access.redhat.com/errata/RHSA-2024:1303
Comment 24 errata-xmlrpc 2024-03-13 00:21:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:1304 https://access.redhat.com/errata/RHSA-2024:1304
Comment 25 errata-xmlrpc 2024-03-13 09:07:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1306 https://access.redhat.com/errata/RHSA-2024:1306
Comment 26 errata-xmlrpc 2024-04-30 10:07:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394
Note You need to log in before you can comment on or make changes to this bug.