CVE-2024-36489

CVE Details

Release Date:2024-06-21

Description


In the Linux kernel, the following vulnerability has been resolved:\ntls: fix missing memory barrier in tls_init\nIn tls_init(), a write memory barrier is missing, and store-store\nreordering may cause NULL dereference in tls_{setsockopt,getsockopt}.\nCPU0 CPU1\n----- -----\n// In tls_init()\n// In tls_ctx_create()\nctx = kzalloc()\nctx->sk_proto = READ_ONCE(sk->sk_prot) -(1)\n// In update_sk_prot()\nWRITE_ONCE(sk->sk_prot, tls_prots) -(2)\n// In sock_common_setsockopt()\nREAD_ONCE(sk->sk_prot)->setsockopt()\n// In tls_{setsockopt,getsockopt}()\nctx->sk_proto->setsockopt() -(3)\nIn the above scenario, when (1) and (2) are reordered, (3) can observe\nthe NULL value of ctx->sk_proto, causing NULL dereference.\nTo fix it, we rely on rcu_assign_pointer() which implies the release\nbarrier semantic. By moving rcu_assign_pointer() after ctx->sk_proto is\ninitialized, we can ensure that ctx->sk_proto are visible when\nchanging sk->sk_prot.

See more information about CVE-2024-36489 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 6.1 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Attack Vector: Local network Attack Complexity: Low
Privileges Required: Low User Interaction: None
Scope: Unchanged Confidentiality Impact: High
Integrity Impact: None Availability Impact: Low

Errata information


PlatformErrataRelease Date
Oracle Linux version 8 (kernel)ELSA-2024-51012024-08-08
Oracle Linux version 9 (kernel)ELSA-2024-53632024-08-14


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete