Upstream information

CVE-2021-47011 at MITRE

Description

In the Linux kernel, the following vulnerability has been resolved:

mm: memcontrol: slab: fix obtain a reference to a freeing memcg

Patch series "Use obj_cgroup APIs to charge kmem pages", v5.

Since Roman's series "The new cgroup slab memory controller" applied.
All slab objects are charged with the new APIs of obj_cgroup. The new
APIs introduce a struct obj_cgroup to charge slab objects. It prevents
long-living objects from pinning the original memory cgroup in the
memory. But there are still some corner objects (e.g. allocations
larger than order-1 page on SLUB) which are not charged with the new
APIs. Those objects (include the pages which are allocated from buddy
allocator directly) are charged as kmem pages which still hold a
reference to the memory cgroup.

E.g. We know that the kernel stack is charged as kmem pages because the
size of the kernel stack can be greater than 2 pages (e.g. 16KB on
x86_64 or arm64). If we create a thread (suppose the thread stack is
charged to memory cgroup A) and then move it from memory cgroup A to
memory cgroup B. Because the kernel stack of the thread hold a
reference to the memory cgroup A. The thread can pin the memory cgroup
A in the memory even if we remove the cgroup A. If we want to see this
scenario by using the following script. We can see that the system has
added 500 dying cgroups (This is not a real world issue, just a script
to show that the large kmallocs are charged as kmem pages which can pin
the memory cgroup in the memory).

#!/bin/bash

cat /proc/cgroups | grep memory

cd /sys/fs/cgroup/memory
echo 1 > memory.move_charge_at_immigrate

for i in range{1..500}
do
mkdir kmem_test
echo $$ > kmem_test/cgroup.procs
sleep 3600 &
echo $$ > cgroup.procs
echo `cat kmem_test/cgroup.procs` > cgroup.procs
rmdir kmem_test
done

cat /proc/cgroups | grep memory

This patchset aims to make those kmem pages to drop the reference to
memory cgroup by using the APIs of obj_cgroup. Finally, we can see that
the number of the dying cgroups will not increase if we run the above test
script.

This patch (of 7):

The rcu_read_lock/unlock only can guarantee that the memcg will not be
freed, but it cannot guarantee the success of css_get (which is in the
refill_stock when cached memcg changed) to memcg.

rcu_read_lock()
memcg = obj_cgroup_memcg(old)
__memcg_kmem_uncharge(memcg)
refill_stock(memcg)
if (stock->cached != memcg)
// css_get can change the ref counter from 0 back to 1.
css_get(&memcg->css)
rcu_read_unlock()

This fix is very like the commit:

eefbfa7fd678 ("mm: memcg/slab: fix use after free in obj_cgroup_charge")

Fix this by holding a reference to the memcg which is passed to the
__memcg_kmem_uncharge() before calling __memcg_kmem_uncharge().

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 1220793 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.


Status of this issue by product and package

Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification. The updates are grouped by state of their lifecycle. SUSE product lifecycles are documented on the lifecycle page.

Product(s) Source package State
Products under general support and receiving all security fixes.
SUSE Linux Enterprise Desktop 15 SP5 kernel-default Not affected
SUSE Linux Enterprise Desktop 15 SP5 kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15 SP5 kernel-default Not affected
SUSE Linux Enterprise High Performance Computing 15 SP5 kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15 SP5 kernel-source-azure Not affected
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS kernel-source Not affected
SUSE Linux Enterprise Micro 5.1 kernel-default Not affected
SUSE Linux Enterprise Micro 5.1 kernel-rt Not affected
SUSE Linux Enterprise Micro 5.1 kernel-source-rt Not affected
SUSE Linux Enterprise Micro 5.2 kernel-default Not affected
SUSE Linux Enterprise Micro 5.2 kernel-rt Not affected
SUSE Linux Enterprise Micro 5.2 kernel-source-rt Not affected
SUSE Linux Enterprise Micro 5.3 kernel-default Not affected
SUSE Linux Enterprise Micro 5.3 kernel-rt Not affected
SUSE Linux Enterprise Micro 5.3 kernel-source-rt Not affected
SUSE Linux Enterprise Micro 5.4 kernel-default Not affected
SUSE Linux Enterprise Micro 5.4 kernel-rt Not affected
SUSE Linux Enterprise Micro 5.4 kernel-source-rt Not affected
SUSE Linux Enterprise Micro 5.5 kernel-source-rt Not affected
SUSE Linux Enterprise Module for Basesystem 15 SP5 kernel-default Not affected
SUSE Linux Enterprise Module for Basesystem 15 SP5 kernel-source Not affected
SUSE Linux Enterprise Module for Development Tools 15 SP5 kernel-default Not affected
SUSE Linux Enterprise Module for Development Tools 15 SP5 kernel-source Not affected
SUSE Linux Enterprise Module for Public Cloud 15 SP5 kernel-source-azure Not affected
SUSE Linux Enterprise Real Time 15 SP5 kernel-source-rt Not affected
SUSE Linux Enterprise Server 15 SP5 kernel-default Not affected
SUSE Linux Enterprise Server 15 SP5 kernel-source Not affected
SUSE Linux Enterprise Server 15 SP5 kernel-source-azure Not affected
SUSE Linux Enterprise Server 15 SP5-LTSS kernel-source Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP5 kernel-default Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP5 kernel-source Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP5 kernel-source-azure Not affected
SUSE Manager Proxy 4.3 kernel-default Not affected
SUSE Manager Proxy 4.3 kernel-source Not affected
SUSE Manager Proxy 4.3 kernel-source-azure Not affected
SUSE Manager Retail Branch Server 4.3 kernel-default Not affected
SUSE Manager Retail Branch Server 4.3 kernel-source Not affected
SUSE Manager Retail Branch Server 4.3 kernel-source-azure Not affected
SUSE Manager Server 4.3 kernel-default Not affected
SUSE Manager Server 4.3 kernel-source Not affected
SUSE Manager Server 4.3 kernel-source-azure Not affected
SUSE Real Time Module 15 SP5 kernel-source-rt Not affected
openSUSE Leap 15.5 kernel-source Not affected
openSUSE Leap 15.5 kernel-source-azure Not affected
openSUSE Leap 15.5 kernel-source-rt Not affected
Products under Long Term Service Pack support and receiving important and critical security fixes.
SUSE Linux Enterprise Desktop 15 SP4 kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 12 SP5 kernel-default Not affected
SUSE Linux Enterprise High Performance Computing 12 SP5 kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 12 SP5 kernel-source-azure Not affected
SUSE Linux Enterprise High Performance Computing 15 SP2 kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15 SP2 kernel-source-azure Not affected
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS kernel-default Not affected
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15 SP3 kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15 SP3 kernel-source-azure Not affected
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS kernel-default Not affected
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15 SP4 kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15 SP4 kernel-source-azure Not affected
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS kernel-default Not affected
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS kernel-default Not affected
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS kernel-source Not affected
SUSE Linux Enterprise Module for Basesystem 15 SP2 kernel-source Not affected
SUSE Linux Enterprise Module for Basesystem 15 SP3 kernel-source Not affected
SUSE Linux Enterprise Module for Basesystem 15 SP4 kernel-source Not affected
SUSE Linux Enterprise Module for Development Tools 15 SP2 kernel-source Not affected
SUSE Linux Enterprise Module for Development Tools 15 SP3 kernel-source Not affected
SUSE Linux Enterprise Module for Development Tools 15 SP4 kernel-source Not affected
SUSE Linux Enterprise Module for Public Cloud 15 SP4 kernel-source-azure Not affected
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-default Not affected
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-source Not affected
SUSE Linux Enterprise Server 12 SP5 kernel-default Not affected
SUSE Linux Enterprise Server 12 SP5 kernel-source Not affected
SUSE Linux Enterprise Server 12 SP5 kernel-source-azure Not affected
SUSE Linux Enterprise Server 12 SP5-LTSS kernel-source Not affected
SUSE Linux Enterprise Server 12 SP5-LTSS kernel-source-azure Not affected
SUSE Linux Enterprise Server 15 SP2 kernel-source Not affected
SUSE Linux Enterprise Server 15 SP2 kernel-source-azure Not affected
SUSE Linux Enterprise Server 15 SP2-LTSS kernel-default Not affected
SUSE Linux Enterprise Server 15 SP2-LTSS kernel-source Not affected
SUSE Linux Enterprise Server 15 SP3 kernel-source Not affected
SUSE Linux Enterprise Server 15 SP3 kernel-source-azure Not affected
SUSE Linux Enterprise Server 15 SP3-LTSS kernel-default Not affected
SUSE Linux Enterprise Server 15 SP3-LTSS kernel-source Not affected
SUSE Linux Enterprise Server 15 SP4 kernel-source Not affected
SUSE Linux Enterprise Server 15 SP4 kernel-source-azure Not affected
SUSE Linux Enterprise Server 15 SP4-LTSS kernel-default Not affected
SUSE Linux Enterprise Server 15 SP4-LTSS kernel-source Not affected
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 kernel-source Not affected
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 kernel-source-azure Not affected
SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-default Not affected
SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-source Not affected
SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-source-azure Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP2 kernel-default Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP2 kernel-source Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP2 kernel-source-azure Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP3 kernel-default Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP3 kernel-source Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP3 kernel-source-azure Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP4 kernel-default Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP4 kernel-source Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP4 kernel-source-azure Not affected
Products past their end of life and not receiving proactive updates anymore.
HPE Helion OpenStack 8 kernel-source Not affected
SUSE CaaS Platform 4.0 kernel-source Not affected
SUSE CaaS Platform Toolchain 3 kernel-source Not affected
SUSE Enterprise Storage 6 kernel-source Not affected
SUSE Enterprise Storage 7 kernel-source Not affected
SUSE Enterprise Storage 7 kernel-source-azure Not affected
SUSE Enterprise Storage 7.1 kernel-default Not affected
SUSE Enterprise Storage 7.1 kernel-source Not affected
SUSE Enterprise Storage 7.1 kernel-source-azure Not affected
SUSE Linux Enterprise Desktop 11 SP4 kernel-source Not affected
SUSE Linux Enterprise Desktop 12 SP2 kernel-source Not affected
SUSE Linux Enterprise Desktop 12 SP3 kernel-source Not affected
SUSE Linux Enterprise Desktop 12 SP4 kernel-source Not affected
SUSE Linux Enterprise Desktop 15 kernel-source Not affected
SUSE Linux Enterprise Desktop 15 SP1 kernel-source Not affected
SUSE Linux Enterprise Desktop 15 SP2 kernel-source Not affected
SUSE Linux Enterprise Desktop 15 SP3 kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15 kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15 SP1 kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15-ESPOS kernel-source Not affected
SUSE Linux Enterprise High Performance Computing 15-LTSS kernel-source Not affected
SUSE Linux Enterprise Micro 5.0 kernel-default Not affected
SUSE Linux Enterprise Module for Basesystem 15 kernel-source Not affected
SUSE Linux Enterprise Module for Basesystem 15 SP1 kernel-source Not affected
SUSE Linux Enterprise Module for Development Tools 15 kernel-source Not affected
SUSE Linux Enterprise Module for Development Tools 15 SP1 kernel-source Not affected
SUSE Linux Enterprise Module for Public Cloud 15 SP2 kernel-source-azure Not affected
SUSE Linux Enterprise Module for Public Cloud 15 SP3 kernel-source-azure Not affected
SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT kernel-source Not affected
SUSE Linux Enterprise Real Time 12 SP5 kernel-source-rt Not affected
SUSE Linux Enterprise Real Time 15 SP2 kernel-source Not affected
SUSE Linux Enterprise Real Time 15 SP3 kernel-source Not affected
SUSE Linux Enterprise Real Time 15 SP3 kernel-source-rt Not affected
SUSE Linux Enterprise Real Time 15 SP4 kernel-source Not affected
SUSE Linux Enterprise Real Time 15 SP4 kernel-source-rt Not affected
SUSE Linux Enterprise Server 11 SP4 kernel-source Not affected
SUSE Linux Enterprise Server 11 SP4 LTSS kernel-default Not affected
SUSE Linux Enterprise Server 11 SP4 LTSS kernel-source Not affected
SUSE Linux Enterprise Server 11 SP4-LTSS kernel-source Not affected
SUSE Linux Enterprise Server 12 SP2 kernel-source Not affected
SUSE Linux Enterprise Server 12 SP2-BCL kernel-source Not affected
SUSE Linux Enterprise Server 12 SP2-ESPOS kernel-source Not affected
SUSE Linux Enterprise Server 12 SP2-LTSS kernel-default Not affected
SUSE Linux Enterprise Server 12 SP2-LTSS kernel-source Not affected
SUSE Linux Enterprise Server 12 SP3 kernel-source Not affected
SUSE Linux Enterprise Server 12 SP3-BCL kernel-source Not affected
SUSE Linux Enterprise Server 12 SP3-ESPOS kernel-source Not affected
SUSE Linux Enterprise Server 12 SP3-LTSS kernel-source Not affected
SUSE Linux Enterprise Server 12 SP4 kernel-source Not affected
SUSE Linux Enterprise Server 12 SP4-ESPOS kernel-source Not affected
SUSE Linux Enterprise Server 12 SP4-LTSS kernel-default Not affected
SUSE Linux Enterprise Server 12 SP4-LTSS kernel-source Not affected
SUSE Linux Enterprise Server 15 kernel-source Not affected
SUSE Linux Enterprise Server 15 SP1 kernel-source Not affected
SUSE Linux Enterprise Server 15 SP1-BCL kernel-source Not affected
SUSE Linux Enterprise Server 15 SP1-LTSS kernel-default Not affected
SUSE Linux Enterprise Server 15 SP1-LTSS kernel-source Not affected
SUSE Linux Enterprise Server 15 SP2-BCL kernel-source Not affected
SUSE Linux Enterprise Server 15 SP3-BCL kernel-source Not affected
SUSE Linux Enterprise Server 15-LTSS kernel-default Not affected
SUSE Linux Enterprise Server 15-LTSS kernel-source Not affected
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 kernel-source Not affected
SUSE Linux Enterprise Server for SAP Applications 12 SP2 kernel-default Not affected
SUSE Linux Enterprise Server for SAP Applications 12 SP2 kernel-source Not affected
SUSE Linux Enterprise Server for SAP Applications 12 SP3 kernel-source Not affected
SUSE Linux Enterprise Server for SAP Applications 12 SP4 kernel-default Not affected
SUSE Linux Enterprise Server for SAP Applications 12 SP4 kernel-source Not affected
SUSE Linux Enterprise Server for SAP Applications 15 kernel-source Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP1 kernel-source Not affected
SUSE Manager Proxy 4.0 kernel-source Not affected
SUSE Manager Proxy 4.1 kernel-source Not affected
SUSE Manager Proxy 4.1 kernel-source-azure Not affected
SUSE Manager Proxy 4.2 kernel-source Not affected
SUSE Manager Proxy 4.2 kernel-source-azure Not affected
SUSE Manager Retail Branch Server 4.0 kernel-source Not affected
SUSE Manager Retail Branch Server 4.1 kernel-source Not affected
SUSE Manager Retail Branch Server 4.1 kernel-source-azure Not affected
SUSE Manager Retail Branch Server 4.2 kernel-source Not affected
SUSE Manager Retail Branch Server 4.2 kernel-source-azure Not affected
SUSE Manager Server 4.0 kernel-source Not affected
SUSE Manager Server 4.1 kernel-source Not affected
SUSE Manager Server 4.1 kernel-source-azure Not affected
SUSE Manager Server 4.2 kernel-source Not affected
SUSE Manager Server 4.2 kernel-source-azure Not affected
SUSE OpenStack Cloud 7 kernel-source Not affected
SUSE OpenStack Cloud 8 kernel-source Not affected
SUSE OpenStack Cloud 9 kernel-default Not affected
SUSE OpenStack Cloud 9 kernel-source Not affected
SUSE OpenStack Cloud Crowbar 8 kernel-source Not affected
SUSE OpenStack Cloud Crowbar 9 kernel-default Not affected
SUSE OpenStack Cloud Crowbar 9 kernel-source Not affected
SUSE Real Time Module 15 SP3 kernel-source-rt Not affected
SUSE Real Time Module 15 SP4 kernel-source-rt Not affected
openSUSE Leap 15.3 kernel-source Not affected
openSUSE Leap 15.3 kernel-source-azure Not affected
openSUSE Leap 15.3 kernel-source-rt Not affected
openSUSE Leap 15.4 kernel-source Not affected
openSUSE Leap 15.4 kernel-source-azure Not affected
openSUSE Leap 15.4 kernel-source-rt Not affected


SUSE Timeline for this CVE

CVE page created: Wed Feb 28 11:01:02 2024
CVE page last modified: Fri Dec 20 23:42:38 2024