tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
CVE-2024-36904
What is CVE-2024-36904?
CVE-2024-36904 is a use-after-free vulnerability in the Linux kernel's TCP socket handling, specifically in tcp_twsk_unique(), the function that checks whether a new connection may reuse a TCP time-wait socket. If exploited, it could allow an attacker to manipulate socket reference counts in a way that compromises system stability and integrity. Because the Linux kernel underpins many operating systems and cloud infrastructures, this vulnerability poses a critical risk to organizations relying on Linux-based systems.
Technical Details
The vulnerability originates in tcp_twsk_unique(), where a race condition arises from improper reference counting of TCP time-wait sockets. The kernel linked a time-wait socket into the connection hash table before setting its reference count, which left a small window in which another thread, looking up the same connection while initiating a new one, could find the socket and call sock_hold() on it while its reference count was still zero. The matching sock_put() then underflows the count and frees the socket while it is still in use, and the use-after-free manifests elsewhere in the kernel. The fix named in the commit title above replaces the unconditional sock_hold() with refcount_inc_not_zero(), which declines to take a reference when the count is already zero.
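The race and the fix pattern, as an added user-space model that is not kernel code and not from this page: tw_hold_unchecked plays the role of sock_hold(), tw_hold_not_zero that of refcount_inc_not_zero(), and simulate_lookup runs one hold/put pair against an entry whose refcount is still zero (not yet published) or already one (live). All names are hypothetical.

```c
#include <stdatomic.h>

/* User-space model of a time-wait socket entry. In the vulnerable kernel the
 * entry was hashed before its refcount was set, so a lookup could see 0. */
struct tw_sock {
    atomic_int refcnt;  /* 0 == not yet published (or already being torn down) */
    int freed;          /* set once the last reference is dropped */
};

/* Plain sock_hold(): unconditional increment, no zero check. */
static int tw_hold_unchecked(struct tw_sock *tw)
{
    atomic_fetch_add(&tw->refcnt, 1);
    return 1;  /* "succeeds" even when the count was 0 */
}

/* Model of refcount_inc_not_zero(): returns 1 on success, 0 if not live. */
static int tw_hold_not_zero(struct tw_sock *tw)
{
    int old = atomic_load(&tw->refcnt);
    while (old != 0) {
        /* A failed CAS reloads old; the loop then re-checks for zero. */
        if (atomic_compare_exchange_weak(&tw->refcnt, &old, old + 1))
            return 1;
    }
    return 0;
}

/* sock_put(): drop a reference; the entry is "freed" on reaching zero. */
static void tw_put(struct tw_sock *tw)
{
    if (atomic_fetch_sub(&tw->refcnt, 1) == 1)
        tw->freed = 1;
}

/* One lookup (hold + put) against an entry with refcount initial_refcnt.
 * Returns -1 if the hold refused, else 1 if the entry was freed under its
 * owner (the use-after-free set-up), 0 if the owner's reference survived. */
static int simulate_lookup(int initial_refcnt, int use_fix)
{
    struct tw_sock tw;
    atomic_init(&tw.refcnt, initial_refcnt);
    tw.freed = 0;
    int held = use_fix ? tw_hold_not_zero(&tw) : tw_hold_unchecked(&tw);
    if (!held)
        return -1;
    tw_put(&tw);
    return tw.freed;
}
```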
Potential Impact of CVE-2024-36904
- System Instability: Exploiting this vulnerability could lead to random crashes or instability in network applications or even the kernel itself, significantly disrupting services.
- Remote Code Execution: Attackers could potentially leverage this vulnerability to execute arbitrary code in the context of a vulnerable system, allowing extensive control over networked systems.
- Increased Attack Surface: This vulnerability may facilitate further exploitation techniques, allowing attackers to escalate privileges or gain unauthorized access to sensitive data or network configurations.
Affected Version(s)
- Linux from commit ec94c2696f0bcd5ae92a553244e4ac30d2171a2d, before fix commit 84546cc1aeeb4df3e444b18a4293c9823f974be9
- Linux from commit ec94c2696f0bcd5ae92a553244e4ac30d2171a2d, before fix commit 1796ca9c6f5bd50554214053af5f47d112818ee3
- Linux from commit ec94c2696f0bcd5ae92a553244e4ac30d2171a2d, before fix commit 1d9cf07810c30ef7948879567d10fd1f01121d34
News Articles
- PoC Exploit Released for Use-after-free Linux Kernel Vulnerability: Security researchers have publicly released a proof-of-concept (PoC) exploit for CVE-2024-36904, a critical use-after-free vulnerability.
- PoC Exploit Released for Linux Kernel Use-After-Free Vulnerability: A proof-of-concept (PoC) exploit has been released for a use-after-free vulnerability in the Linux kernel, identified as CVE-2024-36904.
- Seven Years Old Linux Kernel Vulnerability Let Attackers Execute Remote Code: Researchers have uncovered a critical flaw in the Linux kernel that could allow attackers to execute remote code.
Timeline
- Exploit known to exist
- First article discovered by CybersecurityNews
- Vulnerability published
- Vulnerability reserved