CVE-2024-57886

mm/damon/core: fix new damon_target objects leaks on damon_commit_targets()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix new damon_target objects leaks on damon_commit_targets() Patch series "mm/damon/core: fix memory leaks and ignored inputs from
damon_commit_ctx()". Due to two bugs in damon_commit_targets() and damon_commit_schemes(),
which are called from damon_commit_ctx(), some user inputs can be ignored,
and some mmeory objects can be leaked. Fix those. Note that only DAMON sysfs interface users are affected. Other DAMON core
API user modules that more focused more on simple and dedicated production
usages, including DAMON_RECLAIM and DAMON_LRU_SORT are not using the buggy
function in the way, so not affected. This patch (of 2): When new DAMON targets are added via damon_commit_targets(), the newly
created targets are not deallocated when updating the internal data
(damon_commit_target()) is failed. Worse yet, even if the setup is
successfully done, the new target is not linked to the context. Hence,
the new targets are always leaked regardless of the internal data setup
failure. Fix the leaks.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/damon/core: corrige nuevas fugas de objetos damon_target en damon_commit_targets() Serie de parches "mm/damon/core: corrige fugas de memoria y entradas ignoradas de damon_commit_ctx()". Debido a dos errores en damon_commit_targets() y damon_commit_schemes(), que se llaman desde damon_commit_ctx(), algunas entradas de usuario pueden ignorarse y algunos objetos de memoria pueden filtrarse. Arréglelos. Tenga en cuenta que solo los usuarios de la interfaz sysfs de DAMON se ven afectados. Otros módulos de usuario de la API del núcleo de DAMON que se centran más en usos de producción simples y dedicados, incluidos DAMON_RECLAIM y DAMON_LRU_SORT, no utilizan la función con errores de la misma manera, por lo que no se ven afectados. Este parche (de 2): Cuando se agregan nuevos objetivos DAMON a través de damon_commit_targets(), los objetivos recién creados no se desasignan cuando falla la actualización de los datos internos (damon_commit_target()). Peor aún, incluso si la configuración se realiza correctamente, el nuevo objetivo no está vinculado al contexto. Por lo tanto, los nuevos objetivos siempre se filtran independientemente de la falla de configuración de los datos internos. Corrija las filtraciones.

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix new damon_target objects leaks on damon_commit_targets() Patch series "mm/damon/core: fix memory leaks and ignored inputs from damon_commit_ctx()". Due to two bugs in damon_commit_targets() and damon_commit_schemes(), which are called from damon_commit_ctx(), some user inputs can be ignored, and some mmeory objects can be leaked. Fix those. Note that only DAMON sysfs interface users are affected. Other DAMON core API user modules that more focused more on simple and dedicated production usages, including DAMON_RECLAIM and DAMON_LRU_SORT are not using the buggy function in the way, so not affected. This patch (of 2): When new DAMON targets are added via damon_commit_targets(), the newly created targets are not deallocated when updating the internal data (damon_commit_target()) is failed. Worse yet, even if the setup is successfully done, the new target is not linked to the context. Hence, the new targets are always leaked regardless of the internal data setup failure. Fix the leaks.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-01-11 CVE Reserved
2025-01-15 CVE Published
2025-01-15 CVE Updated
2025-01-16 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
https://git.kernel.org/stable/c/9cb3d0b9dfce6a3258d91e6d69e418d0b4cce46a	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/3647932d0b3e609c762c55e8f9fe10a09776e0a7	2025-01-09
https://git.kernel.org/stable/c/8debfc5b1aa569d3d2ac836af2553da037611c61	2024-12-31

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11 < 6.12.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11 < 6.12.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11 < 6.13-rc6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11 < 6.13-rc6"		en		Affected