CVE-2024-27395 - Linux Kernel net: openvswitch Use-After-Free Vulnerability Mitigated through ovs_ct_exit Fix

A recently patched vulnerability (CVE-2024-27395) addresses a Use-After-Free issue in the Linux kernel's Open vSwitch (OvS) module. This blog post will discuss the details of the vulnerability, the code changes introduced to fix the issue, and how to address this vulnerability in your Linux system.

Vulnerability Details

The Linux kernel is responsible for providing an interface between a computer's hardware and its software. One of the kernel's components, the Open vSwitch (OvS) module, facilitates network virtualization in multitenant environments. However, within this module, a Use-After-Free vulnerability has been identified, which could allow attackers to execute malicious code or cause system crashes.

The vulnerability exists within the ovs_ct_exit function, which is used to clean up Connection Tracking (CT) related resources. In ovs_ct_limit_exit, kfree_rcu is called during an hlist_for_each_entry_rcu traversal that is not part of an RCU (Read-Copy-Update) read-side critical section. Consequently, the RCU grace period may pass during the traversal, and the key may be freed while the traversal is still using it.

Resolution

To resolve this vulnerability, the code has been changed from using hlist_for_each_entry_rcu to hlist_for_each_entry_safe. Here is a snippet of the patched code:

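static void ovs_ct_limit_exit(struct hlist_head *limits)
{
    struct ovs_ct_limit *limit;
    struct hlist_node *tmp;    /* next node, saved before the loop body runs */

    /* The _safe iterator does not read from 'limit' after the body has run. */
    hlist_for_each_entry_safe(limit, tmp, limits, node) {
        hlist_del_rcu(&limit->node);    /* unlink the entry from the list */
        kfree_rcu(limit, rcu);          /* free it once a grace period has passed */
    }
}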

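With this change, the traversal saves the next node before the loop body runs, so it no longer reads from an entry that may already have been freed. The RCU grace period issue is thereby mitigated, preventing the Use-After-Free from occurring in the ovs_ct_exit function.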
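The difference between the two traversal styles can be seen in a small user-space model. This is an added example, not code from the original post or from the kernel; struct node, release, next_of, drain_unsafe, drain_safe and make_bucket are hypothetical names, and release assumes the worst case in which the grace period ends immediately.

```c
/* Added user-space model, not kernel code; all names here are hypothetical. */
#include <stdio.h>
struct node { struct node *next; int freed; };
static int stale_reads;   /* loads of ->next from an already released node */

/* Worst case for kfree_rcu(): the grace period ends at once, object is gone. */
static void release(struct node *n) { n->freed = 1; }

/* Every ->next load goes through here so stale loads can be counted. */
static struct node *next_of(struct node *n)
{
    if (n->freed)
        stale_reads++;
    return n->next;
}

/* Pre-fix shape: the step expression reads ->next after the body released n. */
static int drain_unsafe(struct node *head)
{
    stale_reads = 0;
    for (struct node *n = head; n; n = next_of(n))
        release(n);
    return stale_reads;
}

/* Post-fix shape (hlist_for_each_entry_safe): ->next is cached before the body. */
static int drain_safe(struct node *head)
{
    struct node *tmp = NULL;
    stale_reads = 0;
    for (struct node *n = head; n && ((tmp = next_of(n)), 1); n = tmp)
        release(n);
    return stale_reads;
}

/* Constructed sample input: one hash bucket holding three entries. */
static struct node *make_bucket(struct node v[3])
{
    for (int i = 0; i < 3; i++)
        v[i] = (struct node){ i < 2 ? &v[i + 1] : NULL, 0 };
    return v;
}

int main(void)
{
    struct node a[3], b[3];
    printf("rcu-style walk:  %d stale reads\n", drain_unsafe(make_bucket(a)));
    printf("safe-style walk: %d stale reads\n", drain_safe(make_bucket(b)));
    return 0;
}
```

The model only marks entries as released instead of freeing them, so the stale loads can be counted without touching freed memory.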

Original References

For more details on the patches and the commit logs that introduced these changes, please refer to the following links to the official Git repositories for the Linux kernel:

1. Commit log for the ovs_ct_exit patch
2. Overall Linux kernel Git repository

Exploit Details

At the time of writing this post, no known exploits specifically targeting this vulnerability have been identified in the wild. Nevertheless, it is essential to apply security patches as they are released to ensure that your systems remain protected.

Recommendations

To address this vulnerability in your Linux system, it is highly recommended to update your Linux kernel to a version containing the patch for CVE-2024-27395. Since different Linux distributions release kernel updates on different schedules, check with your distribution's maintainers or consult the distribution's documentation for kernel updates.

Conclusion

The Linux kernel's recent patch for the Open vSwitch Use-After-Free vulnerability (CVE-2024-27395) demonstrates the continuous efforts to maintain the security of the kernel and emphasizes the importance of keeping systems up-to-date to defend against potential threats. By understanding the vulnerability and applying the appropriate patches, system administrators can continue to ensure the security and stability of their Linux systems.

Timeline

Published on: 05/14/2024 15:12:27 UTC
Last modified on: 06/27/2024 12:15:24 UTC