CVE-2024-0443
MediumA flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.
CVSS 3.1 score
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness type
CWE-402CVE-2024-0443 is classified as CWE-402
See CWE-402 on MITRE CWE for full details on this weakness type.
References
The following references provide additional information about CVE-2024-0443 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
-
Third Party Advisory
-
-
Third Party Advisory
-
Issue Tracking Third Party Advisory
-
Mailing List
Frequently asked questions
-
What is CVE-2024-0443?
CVE-2024-0443 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2024-0443 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
What is the CVSS score for CVE-2024-0443?
CVE-2024-0443 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. -
Is there a patch available for CVE-2024-0443?
No patch is currently available for CVE-2024-0443. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
-
Is CVE-2024-0443 actively exploited?
No — CVE-2024-0443 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.