CVE-2024-53119
📋 TL;DR
A memory leak in the Linux kernel's virtio/vsock subsystem: sockets that are never removed from the accept_queue during socket destruction are leaked rather than freed. This affects systems that use virtio vsock communication, particularly virtualized environments and containers. Over time the leak can exhaust kernel memory.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or kernel panic.
Likely Case
Gradual memory leak leading to performance degradation and potential system instability over time in systems with high vsock connection churn.
If Mitigated
Minimal impact with proper monitoring and memory limits in place; memory would eventually be reclaimed after system restart.
🎯 Exploit Status
Exploitation requires ability to create vsock connections; typically requires local access or ability to communicate via vsock from within a VM/container.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches (see references for specific commits)
Vendor Advisory: https://git.kernel.org/stable/c/2415345042245de7601dcc6eafdbe3a3dcc9e379
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution vendor.
2. For custom kernels, apply the fix commit to your kernel source.
3. Recompile and install the updated kernel.
4. Reboot the system.
🔧 Temporary Workarounds
Disable virtio vsock
Disable the virtio vsock module if it is not required for your workload:
echo 'blacklist virtio_vsock' > /etc/modprobe.d/blacklist-virtio-vsock.conf
rmmod virtio_vsock
Limit vsock connections
Implement connection rate limiting and monitoring for vsock usage:
# Monitor vsock connections: ss -a | grep vsock
# Implement connection limits in application code
🧯 If You Can't Patch
- Monitor kernel memory usage and system logs for signs of memory exhaustion
- Implement regular system reboots to clear accumulated memory leaks
🔍 How to Verify
Check if Vulnerable:
Check whether the virtio_vsock module is loaded and report the running kernel version: lsmod | grep virtio_vsock && uname -r
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel version includes the fix commit, or confirm with your distribution vendor that the installed kernel is patched.
📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- Increasing kernel memory usage in /proc/meminfo
- System instability or performance degradation
Network Indicators:
- Unusual vsock connection patterns
SIEM Query:
source="kernel" AND ("out of memory" OR "oom-killer" OR "vsock")
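The two checks above (is a vsock transport loaded, and is kernel memory growing) can be scripted. The following POSIX sh script is an added example and is not part of this advisory or of the kernel project. It parses /proc/modules-style and /proc/meminfo-style text so it can be run against saved snapshots as well as the live files; the sample inputs at the bottom are constructed, not captured from a real system. Note that the advisory refers to the module as virtio_vsock, while mainline kernels name the guest transport vmw_vsock_virtio_transport (with vmw_vsock_virtio_transport_common and the core vsock module) and the host side vhost_vsock, so the module check matches any name containing "vsock" rather than one exact name. The growth threshold (100000 kB) is an assumed value for illustration, not a figure from the advisory.

```shell
#!/bin/sh
# Added example, not from the advisory or the Linux kernel project.
# 1. List loaded vsock-related modules from /proc/modules-style text.
# 2. Measure growth of unreclaimable slab memory (SUnreclaim in
#    /proc/meminfo) between two snapshots; leaked kernel socket objects
#    accumulate in slab caches, so steady growth under vsock churn is a
#    useful indicator to watch alongside oom-killer messages.

# Print the names of loaded modules whose name contains "vsock".
# Substring match: the guest transport is vmw_vsock_virtio_transport on
# mainline kernels, the host side is vhost_vsock, the core module is vsock.
vsock_modules() {
    printf '%s\n' "$1" | awk '$1 ~ /vsock/ { print $1 }'
}

# Print the value in kB of one /proc/meminfo field (e.g. SUnreclaim).
meminfo_kb() {
    printf '%s\n' "$2" | awk -v field="$1:" '$1 == field { print $2 }'
}

# Print the growth of SUnreclaim between two meminfo snapshots, in kB.
sunreclaim_growth_kb() {
    before=$(meminfo_kb SUnreclaim "$1")
    after=$(meminfo_kb SUnreclaim "$2")
    echo $((after - before))
}

# Succeed (exit 0) if SUnreclaim grew by more than the threshold in kB.
slab_growth_exceeds() {
    [ "$(sunreclaim_growth_kb "$1" "$2")" -gt "$3" ]
}

# Constructed sample input (not captured from a real system).
SAMPLE_MODULES='vmw_vsock_virtio_transport 16384 0 - Live 0x0000000000000000
vmw_vsock_virtio_transport_common 40960 1 vmw_vsock_virtio_transport, Live 0x0000000000000000
vsock 49152 2 vmw_vsock_virtio_transport,vmw_vsock_virtio_transport_common, Live 0x0000000000000000
ext4 892928 1 - Live 0x0000000000000000'

SAMPLE_MEMINFO_T0='MemTotal:        4028412 kB
MemFree:         2891060 kB
Slab:             198636 kB
SReclaimable:     121092 kB
SUnreclaim:        77544 kB'

SAMPLE_MEMINFO_T1='MemTotal:        4028412 kB
MemFree:         2704288 kB
Slab:             389412 kB
SReclaimable:     121104 kB
SUnreclaim:       268308 kB'

# Assumed alert threshold for illustration: 100000 kB of SUnreclaim growth.
THRESHOLD_KB=100000

# On a Linux host use the live files; elsewhere fall back to the samples.
if [ -r /proc/modules ] && [ -r /proc/meminfo ]; then
    echo "Loaded vsock modules:"
    vsock_modules "$(cat /proc/modules)"
    echo "SUnreclaim now: $(meminfo_kb SUnreclaim "$(cat /proc/meminfo)") kB"
else
    echo "Loaded vsock modules (sample):"
    vsock_modules "$SAMPLE_MODULES"
    echo "SUnreclaim growth (sample): $(sunreclaim_growth_kb "$SAMPLE_MEMINFO_T0" "$SAMPLE_MEMINFO_T1") kB"
    if slab_growth_exceeds "$SAMPLE_MEMINFO_T0" "$SAMPLE_MEMINFO_T1" "$THRESHOLD_KB"; then
        echo "SUnreclaim growth exceeds ${THRESHOLD_KB} kB (sample)"
    fi
fi
```

To use it against a running system, save /proc/meminfo at two points in time (for example from cron) and call sunreclaim_growth_kb on the two files' contents; the module list alone only tells you that vsock is in use, not that the kernel is unpatched, so pair it with the kernel version check in the "How to Verify" section.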
🔗 References
- https://git.kernel.org/stable/c/2415345042245de7601dcc6eafdbe3a3dcc9e379
- https://git.kernel.org/stable/c/4310902c766e371359e6c6311056ae80b5beeac9
- https://git.kernel.org/stable/c/897617a413e0bf1c6380e3b34b2f28f450508549
- https://git.kernel.org/stable/c/946c7600fa2207cc8d3fbc86a518ec56f98a5813
- https://git.kernel.org/stable/c/d7b0ff5a866724c3ad21f2628c22a63336deec3f
- https://git.kernel.org/stable/c/e26fa236758e8baa61a82cfd9fd4388d2e8d6a4c
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html