A new vulnerability, identified as CVE-2024-27390, was recently addressed in the Linux kernel. The issue arose from the IPv6 multicast subsystem implementation, specifically in the ipv6_mc_down() function. In certain situations, this vulnerability could lead to denial of service, unplanned system reboot, or other adverse effects. This post discusses the technical details of the vulnerability, the fix, and the relevant code snippets. It also provides links to the original references and exploit details.

Vulnerability Details:
The issue originated in the ipv6_mc_down() function, where an unnecessary synchronize_net() call was made under certain conditions. This extra call could cause significant delays, ranging from 200 microseconds to 5 milliseconds, in the processing of network packets. The delay increased the likelihood of packet drops, leading to undesirable behavior in the system.

Original References

The problem has been reported and discussed in the past (commit 2d3916f31891, "ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()"). It has been established that the synchronize_net() call in ipv6_mc_down() was not needed, and its removal could resolve the issue. Furthermore, KASAN (Kernel Address Sanitizer) seemed to agree with this conclusion.

Exploit Details:
At the moment, there is no known exploit for this vulnerability. However, if left unpatched, it could potentially enable adversaries to cause denial of service, force unintended system reboots, or otherwise degrade system performance.

The following code snippet highlights the changes made in the ipv6_mc_down() function:

  static void ipv6_mc_down(struct net_device *dev)
  {
 -      synchronize_net();
        mld_clear_delrec(dev);
  }  
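
Review bot: the removed synchronize_net() directly before mld_clear_delrec(dev) was the only visible point where this function waited for an RCU grace period, and the hunk leaves nothing in its place to say why that wait is not required. Suggest a one-line comment above mld_clear_delrec(dev), or a sentence in the commit message, naming what guarantees that no receive-path reader can still be using the records that mld_clear_delrec(dev) clears; that cannot be confirmed from the lines shown here.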

As we can see, the synchronize_net(); call has been removed from the ipv6_mc_down() function.

Conclusion

The vulnerability has been identified and fixed in the latest Linux kernel releases. It is advisable for users to make sure their systems are up to date with the latest patches to safeguard against potential exploitation. Users are encouraged to monitor announcements from the Linux kernel development community closely to stay informed on the latest developments and patches.

- Original commit reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2d3916f31891
- CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27390

Timeline

Published on: 05/01/2024 13:15:51 UTC
Last modified on: 12/19/2024 08:54:05 UTC