vulnerability

Ubuntu: (Multiple Advisories) (CVE-2024-41001): Linux kernel vulnerabilities

Try Surface Command
Back to search
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
Jul 12, 2024
Added
Sep 12, 2024
Modified
Aug 18, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring/sqpoll: work around a potential audit memory leak

kmemleak complains that there's a memory leak related to connect
handling:

unreferenced object 0xffff0001093bdf00 (size 128):
comm "iou-sqp-455", pid 457, jiffies 4294894164
hex dump (first 32 bytes):
02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 2e481b1a):
[<00000000c0a26af4>] kmemleak_alloc+0x30/0x38
[<000000009c30bb45>] kmalloc_trace+0x228/0x358
[<000000009da9d39f>] __audit_sockaddr+0xd0/0x138
[<0000000089a93e34>] move_addr_to_kernel+0x1a0/0x1f8
[<000000000b4e80e6>] io_connect_prep+0x1ec/0x2d4
[<00000000abfbcd99>] io_submit_sqes+0x588/0x1e48
[<00000000e7c25e07>] io_sq_thread+0x8a4/0x10e4
[<00000000d999b491>] ret_from_fork+0x10/0x20

which can can happen if:

1) The command type does something on the prep side that triggers an
audit call.
2) The thread hasn't done any operations before this that triggered
an audit call inside ->issue(), where we have audit_uring_entry()
and audit_uring_exit().

Work around this by issuing a blanket NOP operation before the SQPOLL
does anything.

Solutions

ubuntu-upgrade-linux-image-6-8-0-1010-gkeubuntu-upgrade-linux-image-6-8-0-1011-raspiubuntu-upgrade-linux-image-6-8-0-1012-ibmubuntu-upgrade-linux-image-6-8-0-1012-oemubuntu-upgrade-linux-image-6-8-0-1012-oracleubuntu-upgrade-linux-image-6-8-0-1012-oracle-64kubuntu-upgrade-linux-image-6-8-0-1013-nvidiaubuntu-upgrade-linux-image-6-8-0-1013-nvidia-64kubuntu-upgrade-linux-image-6-8-0-1013-nvidia-lowlatencyubuntu-upgrade-linux-image-6-8-0-1013-nvidia-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-1014-azureubuntu-upgrade-linux-image-6-8-0-1014-azure-fdeubuntu-upgrade-linux-image-6-8-0-1014-gcpubuntu-upgrade-linux-image-6-8-0-1015-awsubuntu-upgrade-linux-image-6-8-0-44-genericubuntu-upgrade-linux-image-6-8-0-44-generic-64kubuntu-upgrade-linux-image-6-8-0-44-lowlatencyubuntu-upgrade-linux-image-6-8-0-44-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-45-genericubuntu-upgrade-linux-image-6-8-0-45-generic-64kubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-fdeubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-hwe-22-04ubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-22-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-ibmubuntu-upgrade-linux-image-ibm-classicubuntu-upgrade-linux-image-ibm-lts-24-04ubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-hwe-22-04ubuntu-upgrade-linux-image-nvidiaubuntu-upgrade-linux-image-nvidia-6-8ubuntu-upgrade-linux-image-nvidia-64kubuntu-upgrade-linux-image-nvidia-64k-6-8ubuntu-upgrade-linux-image-nvidia-lowlatencyubuntu-upgrade-linux-image-nvidia-lowlatency-64kubuntu-upgrade-linux-image-oem-22-04ubuntu-upgrade-linux-image-oem-22-04aubuntu-upgrade-linux-image-oem-22-04bubuntu-upgrade-linux-image-oem-22-04cubuntu-upgrade-linux-image-oem-22-04dubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-22-04ubuntu-upgrade-linux-image-virtual-hwe-24-04

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today