CVE-2024-0443: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-0443 is a vulnerability discovered in the Linux kernel's block/blk-cgroup.c file, specifically in the blkgs destruction path. The vulnerability was disclosed on January 11, 2024, affecting Linux kernel versions from 6.2 up to (excluding) 6.4, including release candidates RC1 through RC6. The flaw leads to a cgroup blkio memory leakage problem when a cgroup is being destroyed (NVD, Red Hat).

The vulnerability occurs due to a circular dependency in the cgroup destruction process. When a cgroup is being destroyed, the cgrouprstatflush() function is only called at cssreleasework_fn(), which is triggered when the blkcg reference count reaches zero. This circular dependency prevents blkcg and some blkgs from being freed after they are made offline. The issue has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Linux Kernel Mailing List).

The vulnerability can allow an attacker with local access to cause system instability, particularly in the form of out-of-memory errors. The issue is particularly problematic if block is the only controller using rstat, as offline blkcg and blkgs may never be freed, leading to continuous memory leaks over time (NVD).

The issue has been fixed in Linux kernel version 6.4 and backported to various distribution kernels. The fix involves adding a new cgrouprstatcsscpuflush() function to flush stats for a given css and cpu, which is called at blkgs destruction path whenever there are pending stats to be flushed. This releases the references to blkgs, allowing them to be freed and indirectly enabling the freeing of blkcg (Linux Kernel Mailing List).