A Linux kernel vulnerability (CVE-2024-26625) related to a stale sk->sk_wq pointer in a closed LLC (Logical Link Control) socket has been discovered and resolved. This use-after-free vulnerability could potentially allow attackers to execute arbitrary code and gain control over affected systems.

Background and Details

The issue was first reported by 'syzbot' in an interesting trace [1]. The cause was a missing sock_orphan() call at release time in LLC sockets, which resulted in this use-after-free bug.

Eric Biggers had previously hinted that some protocols were missing a sock_orphan() in commit ff7b11aa481f ("net: socket: set sock->sk to NULL after calling proto_ops::release()"), so a full audit was deemed necessary in light of this discovery. To patch this vulnerability, the plan is to clear sock->sk from sock_orphan() and amend Eric's patch by adding a warning in net-next.

The actual error trace and related code snippet reported by syzbot can be found in reference [1] below.
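
A simplified userspace model of the stale-pointer condition described above, added here as an illustration and not taken from the kernel source or the syzbot report. The struct layouts, the `model_*` functions and the `scenario` helper are assumptions that only mirror the kernel's field names; the model shows why a release path that skips sock_orphan() leaves sk->sk_wq pointing at a socket that no longer exists, while the orphaned case lets a later wakeup bail out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Simplified userspace stand-ins (assumed layouts); field names mirror the kernel's. */
struct socket_wq { bool freed; };            /* true once the socket is gone */
struct sock;
struct socket { struct socket_wq wq; struct sock *sk; };
struct sock {
    struct socket_wq *sk_wq;   /* points into the owning struct socket */
    struct socket *sk_socket;
    int refcnt;                /* sk can outlive the socket */
};
enum wake_result { WAKE_SKIPPED, WAKE_OK, WAKE_STALE_POINTER };

/* Models the part of sock_orphan() that matters here: detach sk from the socket. */
static void model_sock_orphan(struct sock *sk) {
    sk->sk_socket = NULL;
    sk->sk_wq = NULL;
}

/* Models a protocol release handler; 'orphan' selects the fixed or the buggy path. */
static void model_release(struct socket *sock, bool orphan) {
    struct sock *sk = sock->sk;
    if (orphan)
        model_sock_orphan(sk);
    sock->sk = NULL;
    sock->wq.freed = true;     /* stands in for the socket being freed after release */
    sk->refcnt--;              /* only the socket's own reference is dropped */
}

/* Models any later path that wakes waiters through sk->sk_wq. */
static enum wake_result model_late_wakeup(const struct sock *sk) {
    if (sk->sk_wq == NULL)
        return WAKE_SKIPPED;   /* orphaned: nothing left to touch */
    return sk->sk_wq->freed ? WAKE_STALE_POINTER : WAKE_OK;
}

/* Constructed scenario: sk is held by the socket and by one other user. */
static enum wake_result scenario(bool orphan) {
    struct socket sock = { .wq = { .freed = false } };
    struct sock sk = { .sk_wq = &sock.wq, .sk_socket = &sock, .refcnt = 2 };
    sock.sk = &sk;
    model_release(&sock, orphan);
    return model_late_wakeup(&sk);   /* sk is still alive (refcnt == 1) */
}

int main(void) {
    printf("no orphan: %d, with orphan: %d\n", scenario(false), scenario(true));
    return 0;
}
```

The model uses a `freed` flag instead of actually freeing memory, so the stale case is reported rather than triggered.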

Implications

This vulnerability could have considerable consequences: it could potentially allow attackers to execute arbitrary code, resulting in the compromise of affected systems. It is crucial for system administrators and developers to stay up to date with patch releases related to this issue.

Recommendations

To mitigate this vulnerability, users should keep the Linux kernel up to date and pay attention to patch releases specifically addressing this issue. It is also advisable to follow security best practices such as regularly updating software, using complex and unique passwords, and employing network and system security measures.

References

[1] https://lore.kernel.org/linux-next/20220203115851.GJ79766@ubicom.tudelft.nl/ (Original trace report and code snippet by syzbot)

For more information about the Linux kernel and related vulnerabilities, please visit the official Linux Kernel Mailing List: https://lore.kernel.org/patchwork/patch/675101/

Timeline

Published on: 03/06/2024 07:15:12 UTC
Last modified on: 06/27/2024 13:15:55 UTC