CVE-2024-57903

Severity: Medium (CVSS 3.1 base score 5.5)
EPSS: 9.0%
Published: Jan 15, 2025
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

net: restrict SO_REUSEPORT to inet sockets

After blamed commit, crypto sockets could accidentally be destroyed from RCU callback, as spotted by syzbot [1].

Trying to acquire a mutex in RCU callback is not allowed.

Restrict SO_REUSEPORT socket option to inet sockets.

v1 of this patch supported TCP, UDP and SCTP sockets, but fcnal-test.sh test needed RAW and ICMP support.

[1]
    BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562
    in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 24, name: ksoftirqd/1
    preempt_count: 100, expected: 0
    RCU nest depth: 0, expected: 0
    1 lock held by ksoftirqd/1/24:
     #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
     #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2561 [inline]
     #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xa37/0x17a0 kernel/rcu/tree.c:2823
    Preemption disabled at:
     [<ffffffff8161c8c8>] softirq_handle_begin kernel/softirq.c:402 [inline]
     [<ffffffff8161c8c8>] handle_softirqs+0x128/0x9b0 kernel/softirq.c:537
    CPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.13.0-rc3-syzkaller-00174-ga024e377efed #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
    Call Trace:
     <TASK>
      __dump_stack lib/dump_stack.c:94 [inline]
      dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
      __might_resched+0x5d4/0x780 kernel/sched/core.c:8758
      __mutex_lock_common kernel/locking/mutex.c:562 [inline]
      __mutex_lock+0x131/0xee0 kernel/locking/mutex.c:735
      crypto_put_default_null_skcipher+0x18/0x70 crypto/crypto_null.c:179
      aead_release+0x3d/0x50 crypto/algif_aead.c:489
      alg_do_release crypto/af_alg.c:118 [inline]
      alg_sock_destruct+0x86/0xc0 crypto/af_alg.c:502
      __sk_destruct+0x58/0x5f0 net/core/sock.c:2260
      rcu_do_batch kernel/rcu/tree.c:2567 [inline]
      rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823
      handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
      run_ksoftirqd+0xca/0x130 kernel/softirq.c:950
      smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164
      kthread+0x2f0/0x390 kernel/kthread.c:389
      ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
      ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
     </TASK>

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 9.0% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-667

Affected Products 22

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥4.9.196 – <4.10
linux    linux_kernel   *         ≥4.14.148 – <4.15
linux    linux_kernel   *         ≥4.19.78 – <4.20
linux    linux_kernel   *         ≥5.2.20 – <5.3
linux    linux_kernel   *         ≥5.3.5 – <5.4
linux    linux_kernel   *         ≥5.4.1 – <5.15.176
linux    linux_kernel   *         ≥5.16 – <6.1.124
linux    linux_kernel   *         ≥6.2 – <6.6.70
linux    linux_kernel   *         ≥6.7 – <6.12.9
linux    linux_kernel   5.4       any
linux    linux_kernel   5.4       any
linux    linux_kernel   5.4       any
linux    linux_kernel   5.4       any
linux    linux_kernel   5.4       any
linux    linux_kernel   5.4       any
linux    linux_kernel   5.4       any
linux    linux_kernel   5.4       any
linux    linux_kernel   6.13      any
linux    linux_kernel   6.13      any
linux    linux_kernel   6.13      any
linux    linux_kernel   6.13      any
linux    linux_kernel   6.13      any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/3257813a3ae7462ac5cde04e120806f0c0776850
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/579cfa595af1e00ccc9c3a849a4add6bba8b4bad
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5b0af621c3f6ef9261cf6067812f2fd9943acb4b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ad2ad4cd11af9d63187cd074314b71b7cf8a2a59
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ad91a2dacbf8c26a446658cdd55e8324dfeff1e7
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3257813a3ae7462ac5cde04e120806f0c0776850
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/579cfa595af1e00ccc9c3a849a4add6bba8b4bad
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5b0af621c3f6ef9261cf6067812f2fd9943acb4b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ad2ad4cd11af9d63187cd074314b71b7cf8a2a59
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ad91a2dacbf8c26a446658cdd55e8324dfeff1e7
    Patch