Linux Kernel up to 6.12.3 binder_freeze_notification_done memory leak

Summaryinfo

A vulnerability has been found in Linux Kernel up to 6.12.3 and classified as problematic. This vulnerability affects the function binder_freeze_notification_done. The manipulation leads to memory leak. This vulnerability is listed as CVE-2024-56553. There is no available exploit. The affected component should be upgraded.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.3. This issue affects the function binder_freeze_notification_done. The manipulation with an unknown input leads to a memory leak vulnerability. Using CWE to declare the problem leads to CWE-401. The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. Impacted is availability. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: binder: fix memleak of proc->delivered_freeze If a freeze notification is cleared with BC_CLEAR_FREEZE_NOTIFICATION before calling binder_freeze_notification_done(), then it is detached from its reference (e.g. ref->freeze) but the work remains queued in proc->delivered_freeze. This leads to a memory leak when the process exits as any pending entries in proc->delivered_freeze are not freed: unreferenced object 0xffff38e8cfa36180 (size 64): comm "binder-util", pid 655, jiffies 4294936641 hex dump (first 32 bytes): b8 e9 9e c8 e8 38 ff ff b8 e9 9e c8 e8 38 ff ff .....8.......8.. 0b 00 00 00 00 00 00 00 3c 1f 4b 00 00 00 00 00 ........<.K..... backtrace (crc 95983b32): [] kmemleak_alloc+0x34/0x40 [] __kmalloc_cache_noprof+0x208/0x280 [] binder_thread_write+0xdec/0x439c [] binder_ioctl+0x1b68/0x22cc [] __arm64_sys_ioctl+0x124/0x190 [] invoke_syscall+0x6c/0x254 [] el0_svc_common.constprop.0+0xac/0x230 [] do_el0_svc+0x40/0x58 [] el0_svc+0x38/0x78 [] el0t_64_sync_handler+0x120/0x12c [] el0t_64_sync+0x190/0x194 This patch fixes the leak by ensuring that any pending entries in proc->delivered_freeze are freed during binder_deferred_release().

It is possible to read the advisory at git.kernel.org. The identification of this vulnerability is CVE-2024-56553 since 12/27/2024. The exploitation is known to be difficult. Technical details of the vulnerability are known, but there is no available exploit.

The vulnerability scanner Nessus provides a plugin with the ID 246393 (Linux Distros Unpatched Vulnerability : CVE-2024-56553), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 6.12.4 eliminates this vulnerability. Applying the patch b8b77712142fb146fe18d2253bc8a798d522e427/1db76ec2b4b206ff943e292a0b55e68ff3443598 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the databases at Tenable (246393) and CERT Bund (WID-SEC-2024-3762). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Affected

• Debian Linux
• Amazon Linux 2
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• RESF Rocky Linux
• Dell NetWorker
• Dell Avamar
• Red Hat OpenShift
• IBM QRadar SIEM
• Dell PowerProtect Data Domain
• Open Source Linux Kernel
• IBM DataPower Gateway
• Dell Secure Connect Gateway

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.12.0
• 6.12.1
• 6.12.2
• 6.12.3

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion