CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
In the Linux kernel, the following vulnerability has been resolved:
sctp: Fix null-ptr-deref in reuseport_add_sock().
syzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in
reuseport_add_sock(). [0]
The repro first creates a listener with SO_REUSEPORT. Then, it creates
another listener on the same port and concurrently closes the first
listener.
The second listen() calls reuseport_add_sock() with the first listener as
sk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently,
but the close() does clear it by reuseport_detach_sock().
The problem is SCTP does not properly synchronise reuseport_alloc(),
reuseport_add_sock(), and reuseport_detach_sock().
The caller of reuseport_alloc() and reuseport_{add,detach}_sock() must
provide synchronisation for sockets that are classified into the same
reuseport group.
Otherwise, such sockets form multiple identical reuseport groups, and
all groups except one would be silently dead.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < any | UNKNOWN |
git.kernel.org/linus/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18 (6.11-rc3)
git.kernel.org/stable/c/05e4a0fa248240efd99a539853e844f0f0a9e6a5
git.kernel.org/stable/c/1407be30fc17eff918a98e0a990c0e988f11dc84
git.kernel.org/stable/c/52319d9d2f522ed939af31af70f8c3a0f0f67e6c
git.kernel.org/stable/c/54b303d8f9702b8ab618c5032fae886b16356928
git.kernel.org/stable/c/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18
git.kernel.org/stable/c/c9b3fc4f157867e858734e31022ebee8a24f0de7
git.kernel.org/stable/c/e809a84c802377ef61525a298a1ec1728759b913
launchpad.net/bugs/cve/CVE-2024-44935
nvd.nist.gov/vuln/detail/CVE-2024-44935
security-tracker.debian.org/tracker/CVE-2024-44935
www.cve.org/CVERecord?id=CVE-2024-44935