{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41023", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.615Z", "datePublished": "2024-07-29T14:31:40.439Z", "dateUpdated": "2025-05-04T12:57:26.289Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:57:26.289Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix task_struct reference leak\n\nDuring the execution of the following stress test with linux-rt:\n\nstress-ng --cyclic 30 --timeout 30 --minimize --quiet\n\nkmemleak frequently reported a memory leak concerning the task_struct:\n\nunreferenced object 0xffff8881305b8000 (size 16136):\n  comm \"stress-ng\", pid 614, jiffies 4294883961 (age 286.412s)\n  object hex dump (first 32 bytes):\n    02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00  .@..............\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  debug hex dump (first 16 bytes):\n    53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00  S...............\n  backtrace:\n    [<00000000046b6790>] dup_task_struct+0x30/0x540\n    [<00000000c5ca0f0b>] copy_process+0x3d9/0x50e0\n    [<00000000ced59777>] kernel_clone+0xb0/0x770\n    [<00000000a50befdc>] __do_sys_clone+0xb6/0xf0\n    [<000000001dbf2008>] do_syscall_64+0x5d/0xf0\n    [<00000000552900ff>] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThe issue occurs in start_dl_timer(), which increments the task_struct\nreference count and sets a timer. The timer callback, dl_task_timer,\nis supposed to decrement the reference count upon expiration. However,\nif enqueue_task_dl() is called before the timer expires and cancels it,\nthe reference count is not decremented, leading to the leak.\n\nThis patch fixes the reference leak by ensuring the task_struct\nreference count is properly decremented when the timer is canceled."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/sched/deadline.c"], "versions": [{"version": "feff2e65efd8d84cf831668e182b2ce73c604bbb", "lessThan": "7a54d31face626f62de415ebe77b43f76c3ffaf4", "status": "affected", "versionType": "git"}, {"version": "feff2e65efd8d84cf831668e182b2ce73c604bbb", "lessThan": "b58652db66c910c2245f5bee7deca41c12d707b9", "status": "affected", "versionType": "git"}, {"version": "f0e1c1d8ff908a39dd42e723d08f104505dfa601", "status": "affected", "versionType": "git"}, {"version": "184c8ab5342450c4ae6fc5d937f9bb06c620dcf1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/sched/deadline.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.10", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.9.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.257"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.212"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4"}, {"url": "https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9"}], "title": "sched/deadline: Fix task_struct reference leak", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.070Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41023", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:24:19.073103Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:04.883Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.070Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41023", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:24:19.073103Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:20.532Z"}}], "cna": {"title": "sched/deadline: Fix task_struct reference leak", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "feff2e65efd8d84cf831668e182b2ce73c604bbb", "lessThan": "7a54d31face626f62de415ebe77b43f76c3ffaf4", "versionType": "git"}, {"status": "affected", "version": "feff2e65efd8d84cf831668e182b2ce73c604bbb", "lessThan": "b58652db66c910c2245f5bee7deca41c12d707b9", "versionType": "git"}, {"status": "affected", "version": "f0e1c1d8ff908a39dd42e723d08f104505dfa601", "versionType": "git"}, {"status": "affected", "version": "184c8ab5342450c4ae6fc5d937f9bb06c620dcf1", "versionType": "git"}], "programFiles": ["kernel/sched/deadline.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10"}, {"status": "unaffected", "version": "0", "lessThan": "5.10", "versionType": "semver"}, {"status": "unaffected", "version": "6.9.10", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["kernel/sched/deadline.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4"}, {"url": "https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix task_struct reference leak\n\nDuring the execution of the following stress test with linux-rt:\n\nstress-ng --cyclic 30 --timeout 30 --minimize --quiet\n\nkmemleak frequently reported a memory leak concerning the task_struct:\n\nunreferenced object 0xffff8881305b8000 (size 16136):\n  comm \"stress-ng\", pid 614, jiffies 4294883961 (age 286.412s)\n  object hex dump (first 32 bytes):\n    02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00  .@..............\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  debug hex dump (first 16 bytes):\n    53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00  S...............\n  backtrace:\n    [<00000000046b6790>] dup_task_struct+0x30/0x540\n    [<00000000c5ca0f0b>] copy_process+0x3d9/0x50e0\n    [<00000000ced59777>] kernel_clone+0xb0/0x770\n    [<00000000a50befdc>] __do_sys_clone+0xb6/0xf0\n    [<000000001dbf2008>] do_syscall_64+0x5d/0xf0\n    [<00000000552900ff>] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThe issue occurs in start_dl_timer(), which increments the task_struct\nreference count and sets a timer. The timer callback, dl_task_timer,\nis supposed to decrement the reference count upon expiration. However,\nif enqueue_task_dl() is called before the timer expires and cancels it,\nthe reference count is not decremented, leading to the leak.\n\nThis patch fixes the reference leak by ensuring the task_struct\nreference count is properly decremented when the timer is canceled."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.10", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "4.19.257"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "5.4.212"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:57:26.289Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41023", "state": "PUBLISHED", "dateUpdated": "2025-05-04T12:57:26.289Z", "dateReserved": "2024-07-12T12:17:45.615Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T14:31:40.439Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix task_struct reference leak\n\nDuring the execution of the following stress test with linux-rt:\n\nstress-ng --cyclic 30 --timeout 30 --minimize --quiet\n\nkmemleak frequently reported a memory leak concerning the task_struct:\n\nunreferenced object 0xffff8881305b8000 (size 16136):\n  comm \"stress-ng\", pid 614, jiffies 4294883961 (age 286.412s)\n  object hex dump (first 32 bytes):\n    02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00  .@..............\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  debug hex dump (first 16 bytes):\n    53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00  S...............\n  backtrace:\n    [<00000000046b6790>] dup_task_struct+0x30/0x540\n    [<00000000c5ca0f0b>] copy_process+0x3d9/0x50e0\n    [<00000000ced59777>] kernel_clone+0xb0/0x770\n    [<00000000a50befdc>] __do_sys_clone+0xb6/0xf0\n    [<000000001dbf2008>] do_syscall_64+0x5d/0xf0\n    [<00000000552900ff>] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThe issue occurs in start_dl_timer(), which increments the task_struct\nreference count and sets a timer. The timer callback, dl_task_timer,\nis supposed to decrement the reference count upon expiration. However,\nif enqueue_task_dl() is called before the timer expires and cancels it,\nthe reference count is not decremented, leading to the leak.\n\nThis patch fixes the reference leak by ensuring the task_struct\nreference count is properly decremented when the timer is canceled."}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: sched/deadline: Reparar fuga de referencia de task_struct Durante la ejecuci\u00f3n de la siguiente prueba de estr\u00e9s con linux-rt: estr\u00e9s-ng --ciclic 30 --timeout 30 --minimize --quiet kmemleak inform\u00f3 con frecuencia una p\u00e9rdida de memoria relacionada con task_struct: objeto sin referencia 0xffff8881305b8000 (tama\u00f1o 16136): comm \"stress-ng\", pid 614, jiffies 4294883961 (edad 286.412 s) volcado hexadecimal de objeto (primeros 32 bytes): 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@.............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ volcado hexadecimal de depuraci\u00f3n (primeros 16 bytes): 53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S............... rastreo inverso : [&lt;00000000046b6790&gt;] dup_task_struct+0x30/0x540 [&lt;00000000c5ca0f0b&gt;] copy_process+0x3d9/0x50e0 [&lt;00000000ced59777&gt;] kernel_clone+0xb0/0x770 [&lt;00000000a50befd c&gt;] __do_sys_clone+0xb6/0xf0 [&lt;000000001dbf2008&gt;] do_syscall_64+0x5d/ 0xf0 [&lt;00000000552900ff&gt;] Entry_SYSCALL_64_after_hwframe+0x6e/0x76 El problema ocurre en start_dl_timer(), que incrementa el recuento de referencias de task_struct y establece un temporizador. Se supone que la devoluci\u00f3n de llamada del temporizador, dl_task_timer, disminuye el recuento de referencia al expirar. Sin embargo, si se llama a enqueue_task_dl() antes de que expire el temporizador y lo cancela, el recuento de referencias no disminuye, lo que provoca la fuga. Este parche corrige la fuga de referencia al garantizar que el recuento de referencias de task_struct disminuya correctamente cuando se cancela el temporizador."}], "id": "CVE-2024-41023", "lastModified": "2024-11-21T09:32:05.223", "metrics": {}, "published": "2024-07-29T15:15:11.200", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:10262", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.81.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-11-26T00:00:00Z"}, {"advisory": "RHSA-2024:6744", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.84.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6745", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.84.1.rt14.369.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:9546", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.44.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2024-11-13T00:00:00Z"}], "bugzilla": {"description": "kernel: sched/deadline: Fix task_struct reference leak", "id": "2300381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300381"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "status": "verified"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nsched/deadline: Fix task_struct reference leak\nDuring the execution of the following stress test with linux-rt:\nstress-ng --cyclic 30 --timeout 30 --minimize --quiet\nkmemleak frequently reported a memory leak concerning the task_struct:\nunreferenced object 0xffff8881305b8000 (size 16136):\ncomm \"stress-ng\", pid 614, jiffies 4294883961 (age 286.412s)\nobject hex dump (first 32 bytes):\n02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00  .@..............\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\ndebug hex dump (first 16 bytes):\n53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00  S...............\nbacktrace:\n[<00000000046b6790>] dup_task_struct+0x30/0x540\n[<00000000c5ca0f0b>] copy_process+0x3d9/0x50e0\n[<00000000ced59777>] kernel_clone+0xb0/0x770\n[<00000000a50befdc>] __do_sys_clone+0xb6/0xf0\n[<000000001dbf2008>] do_syscall_64+0x5d/0xf0\n[<00000000552900ff>] entry_SYSCALL_64_after_hwframe+0x6e/0x76\nThe issue occurs in start_dl_timer(), which increments the task_struct\nreference count and sets a timer. The timer callback, dl_task_timer,\nis supposed to decrement the reference count upon expiration. However,\nif enqueue_task_dl() is called before the timer expires and cancels it,\nthe reference count is not decremented, leading to the leak.\nThis patch fixes the reference leak by ensuring the task_struct\nreference count is properly decremented when the timer is canceled.", "A vulnerability was found in the Linux kernel's deadline scheduler in the enqueue_task_dl() function, where the reference count is improperly decremented in certain situations, potentially causing a memory leak. This issue can lead to memory exhaustion over time."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-41023", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41023\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41023\nhttps://lore.kernel.org/linux-cve-announce/2024072917-CVE-2024-41023-32a0@gregkh/T"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-401: Missing Release of Memory after Effective Lifetime vulnerability and downgrades the severity of this particular CVE from Moderate to Low.\nThe platform enforces hardening guidelines to apply the most restrictive configurations necessary for operational requirements. Baseline and configuration setting controls ensure secure system and software configurations, while least functionality reduces the attack surface and minimizes the risk of resource exhaustion from memory leaks. \nThe environment employs malicious code protections such as IDS/IPS and antimalware solutions to detect threats and provide real-time visibility into memory usage, helping prevent memory management issues before they lead to system crashes or exhaustion. Event logs are collected and analyzed for correlation, monitoring, alerting, and retention, supporting the detection of abnormal memory usage patterns that may indicate potential leaks. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the risk of input-based denial-of-service (DoS) attacks. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) are implemented to strengthen defenses against memory allocation vulnerabilities.", "threat_severity": "Moderate"}