CVE-2023-53136

In the Linux kernel, the following vulnerability has been resolved:

af_unix: fix struct pid leaks in OOB support

syzbot reported struct pid leak [1].

Issue is that queueoob() calls maybeadd_creds() which potentially holds a reference on a pid.

But skb->destructor is not set (either directly or by calling unixscmto_skb())

This means that subsequent kfreeskb() or consumeskb() would leak this reference.

In this fix, I chose to fully support scm even for the OOB message.

[1] BUG: memory leak unreferenced object 0xffff8881053e7f80 (size 128): comm "syz-executor242", pid 5066, jiffies 4294946079 (age 13.220s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff812ae26a>] allocpid+0x6a/0x560 kernel/pid.c:180 [<ffffffff812718df>] copyprocess+0x169f/0x26c0 kernel/fork.c:2285 [<ffffffff81272b37>] kernelclone+0xf7/0x610 kernel/fork.c:2684 [<ffffffff812730cc>] _dosysclone+0x7c/0xb0 kernel/fork.c:2825 [<ffffffff849ad699>] dosyscallx64 arch/x86/entry/common.c:50 [inline] [<ffffffff849ad699>] dosyscall64+0x39/0xb0 arch/x86/entry/common.c:80 [<ffffffff84a0008b>] entrySYSCALL64afterhwframe+0x63/0xcd