Release Date: | 2024-06-19 |
In the Linux kernel, the following vulnerability has been resolved:

af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg

A data-race condition has been identified in af_unix. In one data path,
the write function unix_release_sock() atomically writes to
sk->sk_shutdown using WRITE_ONCE. However, on the reader side,
unix_stream_sendmsg() does not read it atomically. Consequently, this
issue is causing the following KCSAN splat to occur:

    BUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg

    write (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28:
    unix_release_sock (net/unix/af_unix.c:640)
    unix_release (net/unix/af_unix.c:1050)
    sock_close (net/socket.c:659 net/socket.c:1421)
    __fput (fs/file_table.c:422)
    __fput_sync (fs/file_table.c:508)
    __se_sys_close (fs/open.c:1559 fs/open.c:1541)
    __x64_sys_close (fs/open.c:1541)
    x64_sys_call (arch/x86/entry/syscall_64.c:33)
    do_syscall_64 (arch/x86/entry/common.c:?)
    entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)

    read to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14:
    unix_stream_sendmsg (net/unix/af_unix.c:2273)
    __sock_sendmsg (net/socket.c:730 net/socket.c:745)
    ____sys_sendmsg (net/socket.c:2584)
    __sys_sendmmsg (net/socket.c:2638 net/socket.c:2724)
    __x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750)
    x64_sys_call (arch/x86/entry/syscall_64.c:33)
    do_syscall_64 (arch/x86/entry/common.c:?)
    entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)

    value changed: 0x01 -> 0x03

The line numbers are related to commit dd5a440a31fa ('Linux 6.9-rc7').

Commit e1d09c2c2f57 ('af_unix: Fix data races around sk->sk_shutdown.')
addressed a comparable issue in the past regarding sk->sk_shutdown.
However, it overlooked resolving this particular data path.

This patch only offending unix_stream_sendmsg() function, since the
other reads seem to be protected by unix_state_lock() as discussed in
See more information about CVE-2024-38596 from MITRE CVE dictionary and NIST NVD
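For triaging reports like the KCSAN splat quoted in the description, the following added example (not part of the advisory or of the kernel patch) parses a report and names the access that lacks a marking. The function names `parse_kcsan` and `unmarked_sites` are hypothetical, and the sample input is the advisory's splat abridged to its top frames.

```python
import re

# KCSAN report as quoted in the advisory, abridged to the top frames of each stack.
SPLAT = """\
BUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg
write (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28:
unix_release_sock (net/unix/af_unix.c:640)
unix_release (net/unix/af_unix.c:1050)
read to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14:
unix_stream_sendmsg (net/unix/af_unix.c:2273)
__sock_sendmsg (net/socket.c:730 net/socket.c:745)
value changed: 0x01 -> 0x03
"""

ACCESS = re.compile(r"^\s*(read|write)( \(marked\))? to (0x[0-9a-f]+) of (\d+) bytes "
                    r"by task (\d+) on cpu (\d+):$")
FRAME = re.compile(r"^\s*(\S+) \(([^)]*)\)$")
CHANGED = re.compile(r"^\s*value changed: (0x[0-9a-f]+) -> (0x[0-9a-f]+)$")

def parse_kcsan(text):
    """Return the accesses in a KCSAN data-race report, each with its stack."""
    report = {"accesses": [], "changed": None}
    for line in text.splitlines():
        if m := ACCESS.match(line):
            report["accesses"].append({
                "kind": m[1], "marked": m[2] is not None, "addr": m[3],
                "size": int(m[4]), "task": int(m[5]), "cpu": int(m[6]), "stack": []})
        elif m := CHANGED.match(line):
            report["changed"] = (int(m[1], 16), int(m[2], 16))
        elif (m := FRAME.match(line)) and report["accesses"]:
            # Stack frames belong to the most recent access header.
            report["accesses"][-1]["stack"].append((m[1], m[2]))
    return report

def unmarked_sites(report):
    """Top frame of every plain (unmarked) access: where an annotation is missing."""
    return [a["stack"][0] for a in report["accesses"] if not a["marked"] and a["stack"]]

if __name__ == "__main__":
    rep = parse_kcsan(SPLAT)
    for func, loc in unmarked_sites(rep):
        print(f"unmarked access in {func} at {loc}")
    old, new = rep["changed"]
    print(f"bits set by the racing write: {new & ~old:#04x}")
```

On the advisory's report this points at the plain read in unix_stream_sendmsg(), the one function the description says the patch changes.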
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
Base Score: | 4.7 | CVSS Vector: | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Attack Vector: | Local network | Attack Complexity: | High |
Privileges Required: | Low | User Interaction: | None |
Scope: | Unchanged | Confidentiality Impact: | None |
Integrity Impact: | None | Availability Impact: | High |
Platform | Errata | Release Date |
Oracle Linux version 7 (kernel-uek) | ELSA-2024-12581 | 2024-08-12 |
Oracle Linux version 7 (kernel-uek) | ELSA-2024-12611 | 2024-09-11 |
Oracle Linux version 7 (kernel-uek-container) | ELSA-2024-12585 | 2024-08-12 |
Oracle Linux version 8 (kernel) | ELSA-2024-5101 | 2024-08-08 |
Oracle Linux version 8 (kernel-uek) | ELSA-2024-12581 | 2024-08-12 |
Oracle Linux version 8 (kernel-uek-container) | ELSA-2024-12584 | 2024-08-12 |
Oracle Linux version 9 (kernel) | ELSA-2024-9315 | 2024-11-14 |
This page is generated automatically and has not been checked for errors or omissions.