In the Linux kernel, the following vulnerability has been resolved:
mm/damon/dbgfs: fix ‘struct pid’ leaks in ‘dbgfs_target_ids_write()’
DAMON debugfs interface increases the reference counts of 'struct pid’s
for targets from the ‘target_ids’ file write callback
(‘dbgfs_target_ids_write()’), but decreases the counts only in DAMON
monitoring termination callback (‘dbgfs_before_terminate()’).
Therefore, when ‘target_ids’ file is repeatedly written without DAMON
monitoring start/termination, the reference count is not decreased and
therefore memory for the ‘struct pid’ cannot be freed. This commit
fixes this issue by decreasing the reference counts when ‘target_ids’ is
written.
[
{
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"product": "Linux",
"versions": [
{
"status": "affected",
"version": "4bc05954d007",
"lessThan": "ffe4a1ba1a82",
"versionType": "git"
},
{
"status": "affected",
"version": "4bc05954d007",
"lessThan": "ebb3f994dd92",
"versionType": "git"
}
],
"programFiles": [
"mm/damon/dbgfs.c"
],
"defaultStatus": "unaffected"
},
{
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"product": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"status": "unaffected",
"version": "0",
"lessThan": "5.15",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.15.13",
"versionType": "custom",
"lessThanOrEqual": "5.15.*"
},
{
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix",
"lessThanOrEqual": "*"
}
],
"programFiles": [
"mm/damon/dbgfs.c"
],
"defaultStatus": "affected"
}
]