Alireza Gharib Blog

CVE-2024-57903 – Linux kernel SO_REUSEPORT Inet Socket Restriction Comic Book Bug

CVE ID : CVE-2024-57903

Published : Jan. 15, 2025, 1:15 p.m. | 1 hour, 2 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

net: restrict SO_REUSEPORT to inet sockets

After blamed commit, crypto sockets could accidentally be destroyed
from RCU call back, as spotted by zyzbot [1].

Trying to acquire a mutex in RCU callback is not allowed.

Restrict SO_REUSEPORT socket option to inet sockets.

v1 of this patch supported TCP, UDP and SCTP sockets,
but fcnal-test.sh test needed RAW and ICMP support.

[1]
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 24, name: ksoftirqd/1
preempt_count: 100, expected: 0
RCU nest depth: 0, expected: 0
1 lock held by ksoftirqd/1/24:
#0: ffffffff8e937ba0 (rcu_callback){….}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff8e937ba0 (rcu_callback){….}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2561 [inline]
#0: ffffffff8e937ba0 (rcu_callback){….}-{0:0}, at: rcu_core+0xa37/0x17a0 kernel/rcu/tree.c:2823
Preemption disabled at:
[] softirq_handle_begin kernel/softirq.c:402 [inline]
[] handle_softirqs+0x128/0x9b0 kernel/softirq.c:537
CPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.13.0-rc3-syzkaller-00174-ga024e377efed #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:

__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
__might_resched+0x5d4/0x780 kernel/sched/core.c:8758
__mutex_lock_common kernel/locking/mutex.c:562 [inline]
__mutex_lock+0x131/0xee0 kernel/locking/mutex.c:735
crypto_put_default_null_skcipher+0x18/0x70 crypto/crypto_null.c:179
aead_release+0x3d/0x50 crypto/algif_aead.c:489
alg_do_release crypto/af_alg.c:118 [inline]
alg_sock_destruct+0x86/0xc0 crypto/af_alg.c:502
__sk_destruct+0x58/0x5f0 net/core/sock.c:2260
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823
handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
run_ksoftirqd+0xca/0x130 kernel/softirq.c:950
smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244


Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Go to Source

Tags: #cve, #cybersecurity, #security

Related Posts

Windows 11’s TPM 2.0: Free Software Foundation Fights Forced Upgrades and E-Waste Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast Vulnerable Moxa devices expose industrial networks to attacks Vulnerability Overload: 40,000+ CVEs in 2024 Trio of Critical Vulnerabilities in Netis Routers Enables Unauthenticated RCE Top Cybersecurity Certifications to Boost Your Career in 2025 Threat Actors Exploit a Critical Ivanti RCE Bug, Again Thousands of SonicWall Devices Remain Vulnerable to CVE-2024-40766 TheCyberThrone Security Weekly Review – January 11, 2025 TheCyberThrone Security Weekly Review – January 04, 2025 SonicWall waarschuwt voor actief misbruikt lek in SSLVPN-functie firewalls SonicWall urges admins to patch exploitable SSLVPN bug immediately SonicWall Issues Important Security Advisory for Multiple Vulnerabilities in SonicOS SimpleHelp Urgents to Patch Critical Security Vulnerabilities Secure Your Repos: go-git Patches Critical Vulnerability – CVE-2025-21613 (CVSS 9.8) Reversing, Discovering, And Exploiting A TP-Link Router Vulnerability — CVE-2024–54887 Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers Redis was affected by CVE-2024-51741 and CVE-2024-46981 Nuclei flaw lets malicious templates bypass signature verification
, , , ,
, ,
Recent Posts