Linux kernel: Fix for UAF vulnerability in __dst_negative_advice()
CVE-2024-36971
Key Information:
- Vendor: Linux
- CVE Published: 10 June 2024
What is CVE-2024-36971?
CVE-2024-36971 is a vulnerability in the Linux kernel, specifically in __dst_negative_advice(), the function responsible for managing destination cache advice. It is a use-after-free (UAF) flaw that may allow an attacker to exploit improper handling of the sk->dst_cache variable during certain operations. Because the function does not follow the proper memory-management rules, organizations relying on the Linux kernel may face severe consequences: system instability, unauthorized access, or execution of malicious code.
Technical Details
The vulnerability stems from __dst_negative_advice() not following Read-Copy-Update (RCU) rules. Specifically, the function does not clear sk->dst_cache before attempting to release the associated destination object. As a result, under certain conditions memory can be accessed after it has been freed, creating potential points of exploitation. This incorrect order of operations is especially problematic because multiple methods rely on this function executing correctly and on the appropriate conditions being checked before proceeding.
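The ordering problem described above, as an added single-threaded userspace model (not kernel code and not from the original page). The names `model_dst_release`, `reader_sees_freed` and the two `advice_*` functions are hypothetical, and a `freed` flag stands in for memory handed back to the allocator so the stale access can be observed safely.

```c
#include <stddef.h>

/* Userspace model, not kernel code: "freed" marks memory given back. */
struct dst { int refcnt; int freed; };
struct sock { struct dst *dst_cache; };

/* Hypothetical stand-in for releasing a destination reference. */
static void model_dst_release(struct dst *d)
{
    if (--d->refcnt == 0)
        d->freed = 1;
}

/* Reader running between the writer's two steps; 1 = reached freed object. */
static int reader_sees_freed(const struct sock *sk)
{
    const struct dst *d = sk->dst_cache;
    return d != NULL && d->freed;
}

/* Flawed order: release first, clear the cached pointer afterwards. */
static int advice_release_then_clear(struct sock *sk)
{
    struct dst *old = sk->dst_cache;
    model_dst_release(old);
    int stale = reader_sees_freed(sk);   /* pointer still published */
    sk->dst_cache = NULL;
    return stale;
}

/* Required order: clear the cached pointer first, then release. */
static int advice_clear_then_release(struct sock *sk)
{
    struct dst *old = sk->dst_cache;
    sk->dst_cache = NULL;
    int stale = reader_sees_freed(sk);   /* reader finds NULL */
    model_dst_release(old);
    return stale;
}

int main(void)
{
    struct dst a = { 1, 0 }, b = { 1, 0 };
    struct sock s1 = { &a }, s2 = { &b };
    int bad = advice_release_then_clear(&s1);   /* 1: stale object reachable */
    int good = advice_clear_then_release(&s2);  /* 0: nothing stale reachable */
    return (bad == 1 && good == 0) ? 0 : 1;
}
```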
Impact of the Vulnerability
- System Instability: The improper handling of memory can lead to unpredictable behavior in the Linux kernel, potentially causing crashes or degraded performance, affecting the reliability of mission-critical applications.
- Potential for Exploitation: An attacker could exploit this vulnerability to gain unauthorized access to system resources, leading to potential data breaches or the ability to execute arbitrary code within the affected system.
- Increased Risk of Malware Propagation: Given the nature of the Linux kernel's integral role in server environments, successful exploitation could allow for the spread of malware across networks, amplifying the threat to interconnected systems and organizational infrastructure.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Linux a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 < 051c0bde9f0450a2ec3d62a86d2a0d2fad117f13
Linux a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314
Linux a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 < 2295a7ef5c8c49241bff769e7826ef2582e532a6
News Articles
Google patches 46 Android bugs, including exploited kernel flaw
CVE-2024-36971 could enable remote code execution due to a use-after-free error.
2 months ago
Google Rolls Out Patch For Android Kernel Vulnerability
Google announced the company's August 2024 security patches for Android, including a high-severity zero-day vulnerability exploited in targeted attacks.
5 months ago
Google says Android zero-day was exploited in the wild
Google published information about an Android zero-day vulnerability tracked as CVE-2024-36971, which affects the Linux kernel.
5 months ago
Timeline
- 📈 Vulnerability started trending
- 👾 Exploit known to exist
- 🦅 CISA Reported
- 📰 First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability Reserved