Release Date: | 2024-06-21 |
In the Linux kernel, the following vulnerability has been resolved:\ntls: fix missing memory barrier in tls_init\nIn tls_init(), a write memory barrier is missing, and store-store\nreordering may cause NULL dereference in tls_{setsockopt,getsockopt}.\nCPU0 CPU1\n----- -----\n// In tls_init()\n// In tls_ctx_create()\nctx = kzalloc()\nctx->sk_proto = READ_ONCE(sk->sk_prot) -(1)\n// In update_sk_prot()\nWRITE_ONCE(sk->sk_prot, tls_prots) -(2)\n// In sock_common_setsockopt()\nREAD_ONCE(sk->sk_prot)->setsockopt()\n// In tls_{setsockopt,getsockopt}()\nctx->sk_proto->setsockopt() -(3)\nIn the above scenario, when (1) and (2) are reordered, (3) can observe\nthe NULL value of ctx->sk_proto, causing NULL dereference.\nTo fix it, we rely on rcu_assign_pointer() which implies the release\nbarrier semantic. By moving rcu_assign_pointer() after ctx->sk_proto is\ninitialized, we can ensure that ctx->sk_proto are visible when\nchanging sk->sk_prot.
See more information about CVE-2024-36489 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
Base Score: | 6.1 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L |
Attack Vector: | Local network | Attack Complexity: | Low |
Privileges Required: | Low | User Interaction: | None |
Scope: | Unchanged | Confidentiality Impact: | High |
Integrity Impact: | None | Availability Impact: | Low |
Platform | Errata | Release Date |
Oracle Linux version 8 (kernel) | ELSA-2024-5101 | 2024-08-08 |
Oracle Linux version 9 (kernel) | ELSA-2024-5363 | 2024-08-14 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: