Linux Kernel Vulnerability in Receive Handling of CLC Messages by Vendor
CVE-2024-57791

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 January 2025

Summary

A vulnerability has been identified in the Linux kernel related to the handling of CLC messages during network operations. Specifically, the length of the message received from the network may not be fully trusted, potentially leading to a scenario where the expected length exceeds the buffer size. This situation can cause the process to enter a deadloop while attempting to drain the excess data. The recent patch adds checks to the return value of sock_recvmsg, improving the robustness of the data draining process and mitigating the risk of deadloops.

Affected Version(s)

Linux fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1 < 82c7ad9ca09975aae737abffd66d1ad98874c13d

Linux fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1 < 6b80924af6216277892d5f091f5bfc7d1265fa28

Linux fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1

References

https://git.kernel.org/stable/c/82c7ad9ca09975aae737abffd...

https://git.kernel.org/stable/c/6b80924af6216277892d5f091...

https://git.kernel.org/stable/c/d7d1f986ebb284b1db8dafca7...

Timeline

Vulnerability published
Jan 11, 2025
Vulnerability Reserved
Jan 9, 2025