Race Condition Vulnerability in Linux Kernel's ILA Implementation
CVE-2024-57900

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 15 January 2025

Summary

A race condition in the Linux kernel's Ingress Locator Adjustment (ILA) feature can potentially allow multiple threads to execute the command to add mappings simultaneously. This creates a scenario where calls to register network hooks can occur concurrently, leading to unforeseen behavior and potential system instability. The vulnerability was identified by syzbot, which demonstrated a concurrent processing issue during ILA_CMD_ADD operations. This bug can result in a use-after-free error in the kernel, specifically noted in the rhashtable implementation. A mutex has been added to ensure that only one thread can call the network hook registration function at a time, mitigating the risk associated with this race condition.

Affected Version(s)

Linux 7f00feaf107645d95a6d87e99b4d141ac0a08efd < 1638f430f8900f2375f5de45508fbe553997e190

Linux 7f00feaf107645d95a6d87e99b4d141ac0a08efd

References

https://git.kernel.org/stable/c/1638f430f8900f2375f5de455...

https://git.kernel.org/stable/c/d3017895e393536b234cf80a8...

https://git.kernel.org/stable/c/ad0677c37c14fa28913daea92...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2025
Vulnerability Reserved
Jan 11, 2025