vulnerability

Debian: CVE-2023-53136: linux -- security update

Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
May 2, 2025
Added
May 5, 2025
Modified
May 6, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

af_unix: fix struct pid leaks in OOB support

syzbot reported struct pid leak [1].

Issue is that queue_oob() calls maybe_add_creds() which potentially
holds a reference on a pid.

But skb->destructor is not set (either directly or by calling
unix_scm_to_skb())

This means that subsequent kfree_skb() or consume_skb() would leak
this reference.

In this fix, I chose to fully support scm even for the OOB message.

[1]
BUG: memory leak
unreferenced object 0xffff8881053e7f80 (size 128):
comm "syz-executor242", pid 5066, jiffies 4294946079 (age 13.220s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[] alloc_pid+0x6a/0x560 kernel/pid.c:180
[] copy_process+0x169f/0x26c0 kernel/fork.c:2285
[] kernel_clone+0xf7/0x610 kernel/fork.c:2684
[] __do_sys_clone+0x7c/0xb0 kernel/fork.c:2825
[] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
[] entry_SYSCALL_64_after_hwframe+0x63/0xcd

Solution

debian-upgrade-linux
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.