DEBIAN-CVE-2023-53136
- Source
- https://security-tracker.debian.org/tracker/DEBIAN-CVE-2023-53136
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53136.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53136
- Upstream
- Published
- 2025-05-02T16:15:32Z
- Modified
- 2025-09-19T06:19:33Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: afunix: fix struct pid leaks in OOB support syzbot reported struct pid leak [1]. Issue is that queueoob() calls maybeaddcreds() which potentially holds a reference on a pid. But skb->destructor is not set (either directly or by calling unixscmtoskb()) This means that subsequent kfreeskb() or consumeskb() would leak this reference. In this fix, I chose to fully support scm even for the OOB message. [1] BUG: memory leak unreferenced object 0xffff8881053e7f80 (size 128): comm "syz-executor242", pid 5066, jiffies 4294946079 (age 13.220s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff812ae26a>] allocpid+0x6a/0x560 kernel/pid.c:180 [<ffffffff812718df>] copyprocess+0x169f/0x26c0 kernel/fork.c:2285 [<ffffffff81272b37>] kernelclone+0xf7/0x610 kernel/fork.c:2684 [<ffffffff812730cc>] _dosysclone+0x7c/0xb0 kernel/fork.c:2825 [<ffffffff849ad699>] dosyscallx64 arch/x86/entry/common.c:50 [inline] [<ffffffff849ad699>] dosyscall64+0x39/0xb0 arch/x86/entry/common.c:80 [<ffffffff84a0008b>] entrySYSCALL64after_hwframe+0x63/0xcd
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source