CVE-2021-47024 in Linux
Summary
by MITRE • 02/28/2024
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: free queued packets when closing socket
As reported by syzbot [1], there is a memory leak while closing the
socket. We partially solved this issue with commit ac03046ece2b ("vsock/virtio: free packets during the socket release"), but we forgot to drain the RX queue when the socket is definitely closed by the scheduled work.
To avoid future issues, let's use the new virtio_transport_remove_sock() to drain the RX queue before removing the socket from the af_vsock lists calling vsock_remove_sock().
[1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 12/06/2024
The vulnerability CVE-2021-47024 represents a memory leak in the Linux kernel's virtual socket implementation, specifically within the vsock/virtio subsystem that handles communication between virtual machines and host systems. This issue manifests when sockets are closed, leaving queued packets in memory without proper cleanup. The vulnerability was identified through automated fuzzing by syzbot, which detected the memory leak pattern during socket closure operations. The problem affects systems utilizing virtualization technologies where vsock communication is prevalent, particularly in cloud environments and virtual machine management scenarios where socket resources are frequently created and destroyed.
The technical flaw stems from incomplete cleanup procedures during socket termination within the virtio transport layer of the vsock subsystem. While a previous fix in commit ac03046ece2b addressed packet freeing during socket release, it failed to account for draining the receive queue when sockets are definitively closed through scheduled work processing. This oversight results in packets remaining in the RX queue that are never properly freed, causing progressive memory consumption. The vulnerability demonstrates a classic resource management issue where cleanup operations are not comprehensive, leaving residual data structures in memory that can accumulate over time and potentially lead to system performance degradation or resource exhaustion.
The operational impact of this vulnerability extends beyond simple memory consumption, as it represents a potential denial of service vector that could affect virtualized environments running multiple vsock connections. When systems experience progressive memory leaks due to unclosed socket resources, they may experience degraded performance, increased memory pressure, or even system instability under high load conditions. The vulnerability affects all Linux kernel versions that implement the vsock/virtio transport mechanism, making it particularly concerning for cloud providers and virtualization platforms that rely heavily on these communication channels. Attackers could potentially exploit this weakness by creating numerous socket connections and allowing them to close without proper cleanup, gradually consuming system resources until performance degrades significantly.
Mitigation strategies for CVE-2021-47024 involve applying the specific kernel patch that introduces the virtio_transport_remove_sock() function to ensure proper RX queue draining before socket removal from af_vsock lists. System administrators should prioritize updating to kernel versions containing the fix, which typically includes commit ac03046ece2b and the additional drain mechanism. Organizations running virtualized environments should implement monitoring for memory usage patterns that could indicate resource leaks, particularly in systems with high socket turnover. The fix aligns with established security practices for resource management and follows the principle of least privilege by ensuring proper cleanup of all allocated resources during socket lifecycle operations. This vulnerability also highlights the importance of comprehensive testing for cleanup operations, particularly in kernel subsystems where resource management is critical for system stability and security. The remediation approach follows industry standards for memory leak prevention and aligns with ATT&CK framework techniques related to system resource exploitation and memory management vulnerabilities.