CVE-2024-53210

In the Linux kernel, the following vulnerability has been resolved:

s390/iucv: MSGPEEK causes memory leak in iucvsock_destruct()

Passing MSGPEEK flag to skbrecvdatagram() increments skb refcount (skb->users) and iucvsockrecvmsg() does not decrement skb refcount at exit. This results in skb memory leak in skbqueuepurge() and WARNON in iucvsockdestruct() during socket close. To fix this decrease skb refcount by one if MSGPEEK is set in order to prevent memory leak and WARNON.

WARNING: CPU: 2 PID: 6292 at net/iucv/afiucv.c:286 iucvsockdestruct+0x144/0x1a0 [afiucv] CPU: 2 PID: 6292 Comm: afiucvtestmsg Kdump: loaded Tainted: G W 6.10.0-rc7 #1 Hardware name: IBM 3931 A01 704 (z/VM 7.3.0) Call Trace: [<001587c682c4aa98>] iucvsockdestruct+0x148/0x1a0 [afiucv] [<001587c682c4a9d0>] iucvsockdestruct+0x80/0x1a0 [afiucv] [<001587c704117a32>] __sk_destruct+0x52/0x550 [<001587c704104a54>] __sockrelease+0xa4/0x230 [<001587c704104c0c>] sockclose+0x2c/0x40 [<001587c702c5f5a8>] __fput+0x2e8/0x970 [<001587c7024148c4>] taskworkrun+0x1c4/0x2c0 [<001587c7023b0716>] doexit+0x996/0x1050 [<001587c7023b13aa>] dogroup_exit+0x13a/0x360 [<001587c7023b1626>] __s390xsysexitgroup+0x56/0x60 [<001587c7022bccca>] dosyscall+0x27a/0x380 [<001587c7049a6a0c>] _dosyscall+0x9c/0x160 [<001587c7049ce8a8>] systemcall+0x70/0x98 Last Breaking-Event-Address: [<001587c682c4a9d4>] iucvsockdestruct+0x84/0x1a0 [afiucv]