Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2024-56553

Disclosure Date: December 27, 2024 •

CVE-2024-56553 CVSS v3 Base Score: 5.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

binder: fix memleak of proc->delivered_freeze

If a freeze notification is cleared with BC_CLEAR_FREEZE_NOTIFICATION
before calling binder_freeze_notification_done(), then it is detached
from its reference (e.g. ref->freeze) but the work remains queued in
proc->delivered_freeze. This leads to a memory leak when the process
exits as any pending entries in proc->delivered_freeze are not freed:

unreferenced object 0xffff38e8cfa36180 (size 64):

comm "binder-util", pid 655, jiffies 4294936641
hex dump (first 32 bytes):
  b8 e9 9e c8 e8 38 ff ff b8 e9 9e c8 e8 38 ff ff  .....8.......8..
  0b 00 00 00 00 00 00 00 3c 1f 4b 00 00 00 00 00  ........<.K.....
backtrace (crc 95983b32):
  [<000000000d0582cf>] kmemleak_alloc+0x34/0x40
  [<000000009c99a513>] __kmalloc_cache_noprof+0x208/0x280
  [<00000000313b1704>] binder_thread_write+0xdec/0x439c
  [<000000000cbd33bb>] binder_ioctl+0x1b68/0x22cc
  [<000000002bbedeeb>] __arm64_sys_ioctl+0x124/0x190
  [<00000000b439adee>] invoke_syscall+0x6c/0x254
  [<00000000173558fc>] el0_svc_common.constprop.0+0xac/0x230
  [<0000000084f72311>] do_el0_svc+0x40/0x58
  [<000000008b872457>] el0_svc+0x38/0x78
  [<00000000ee778653>] el0t_64_sync_handler+0x120/0x12c
  [<00000000a8ec61bf>] el0t_64_sync+0x190/0x194

This patch fixes the leak by ensuring that any pending entries in
proc->delivered_freeze are freed during binder_deferred_release().

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

References

Canonical

CVE-2024-56553 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56553)

Miscellaneous

https://git.kernel.org/stable/c/b8b77712142fb146fe18d2253bc8a798d522e427

https://git.kernel.org/stable/c/1db76ec2b4b206ff943e292a0b55e68ff3443598

Rapid7

Unknown

CVE-2024-56553

Unknown

Unknown

None

Low

Local

CVE-2024-56553

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Weaknesses

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-56553

Unknown

Unknown

None

Low

Local

CVE-2024-56553

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Weaknesses

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification