Exploit Report

Computer Security And Bug Information

CVE-2024-36971

CVECVE-2024-36971
CVE Title
Published Date2024-06-10T09:15Z
Modified Date2024-06-12T15:43Z
CWE TypeCWE-416
CVSS 3.xCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
DescriptionIn the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets.
References
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites.
Reference URLhttps://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e
Reference Description https://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e
Reference URLhttps://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc
Reference Description https://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc
TagsPatch
Sources NIST MITRE

This site's data is aggregated programmatically and provided "as is" without any representations or warranties, express or implied. Exploit.report is not affiliated with the The MITRE Corporation, U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), or US government in any way. CVE and the CVE logo are registered trademarks of The MITRE Corporation

© 2022 Exploit.Report | Data | Contact | Privacy Policy | Articles