CVE-2024-56613: 
Linux Kernel vulnerability analysis and mitigation

A memory leak vulnerability was discovered in the Linux kernel's NUMA scheduler component, identified as CVE-2024-56613. The issue was found when running the hackbench program of LTP, where multiple memory leaks were reported by kmemleak. The vulnerability affects Linux kernel versions from 6.4 up to (excluding) 6.6.66 and from 6.7 up to (excluding) 6.12.5 (NVD).

The vulnerability occurs due to a race condition in the NUMA scheduler where multiple threads can simultaneously access a shared VMA (Virtual Memory Area). When two or more cores observe that vma->numab_state is NULL at the same time, vma->numab_state can be overwritten. Although the code ensures single-thread scanning in a 'numa_scan_period', there's a possibility for another thread to enter in the next period before numab_state allocation is complete. The issue has been assigned a CVSS v3.1 Base Score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (NVD).

The vulnerability results in memory leaks in the system. When exploited, it can lead to resource exhaustion as memory allocated for numab_state structures is not properly freed, potentially affecting system stability and performance (NVD).

The vulnerability has been patched by implementing a cmpxchg atomic operation to ensure that only one thread executes the vma->numab_state assignment. The fix has been incorporated into the Linux kernel through multiple patches (Kernel Patch, Stable Patch 1, Stable Patch 2).