CVE-2024-49864
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix a race between socket set up and I/O thread creation
In rxrpc_open_socket(), it sets up the socket and then sets up the I/O thread that will handle it. This is a problem, however, as there's a gap between the two phases in which a packet may come into rxrpc_encap_rcv() from the UDP packet but we oops when trying to wake the not-yet created I/O thread.
As a quick fix, just make rxrpc_encap_rcv() discard the packet if there's no I/O thread yet.
A better, but more intrusive fix would perhaps be to rearrange things such that the socket creation is done by the I/O thread.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | a275da62e8c111b897b9cb73eb91df2f4e475ca5 < cdf4bbbdb956d7426f687f38757ebca2a2759a0f | affected |
| Linux | Linux | a275da62e8c111b897b9cb73eb91df2f4e475ca5 < 56e415202b8a17de6496f4023e545fcb66f118ec | affected |
| Linux | Linux | a275da62e8c111b897b9cb73eb91df2f4e475ca5 < c64f5fc95e9612fdf75587c8e21e494e614c18e2 | affected |
| Linux | Linux | a275da62e8c111b897b9cb73eb91df2f4e475ca5 < bc212465326e8587325f520a052346f0b57360e6 | affected |
| Linux | Linux | 6.2 | affected |
| Linux | Linux | 0 < 6.2 | unaffected |
| Linux | Linux | 6.6.55 <= 6.6.* | unaffected |
| Linux | Linux | 6.10.14 <= 6.10.* | unaffected |
| Linux | Linux | 6.11.3 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/cdf4bbbdb956d7426f687f38757ebca2a2759a0f
- https://git.kernel.org/stable/c/56e415202b8a17de6496f4023e545fcb66f118ec
- https://git.kernel.org/stable/c/c64f5fc95e9612fdf75587c8e21e494e614c18e2
- https://git.kernel.org/stable/c/bc212465326e8587325f520a052346f0b57360e6
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.