In the Linux kernel, a vulnerability has been identified and resolved in the net, sunrpc subsystem, specifically in the xs_tcp_setup_socket function. This post will provide detailed information about the vulnerability, including code snippets, links to original references, and exploit details.
Vulnerability Details
When a BPF program is used on kernel_connect(), the call might return -EPERM, causing xs_tcp_setup_socket() to loop endlessly. This results in the syslog filling up and a potential kernel freeze. To avoid this issue, it has been suggested to remap EPERM to a more expected error from the network system, such as ECONNREFUSED or ENETDOWN.
The following code snippet demonstrates the vulnerability
if (err == -ECONNREFUSED || err == -ENETUNREACH || err == -EADDRNOTAVAIL) {
...
} else if (err) {
...
return;
}
To address the issue, it is recommended to remap EPERM to ECONNREFUSED, as shown in the following code snippet:
if (err == -ECONNREFUSED || err == -ENETUNREACH || err == -EADDRNOTAVAIL
|| err == -EPERM) {
...
} else if (err) {
...
return;
}
Original References
- Linux Kernel Commit 4fbac77d2d09: Handling of EPERM in the Linux kernel.
- Linux Kernel Commit f10d05966196: BPF_PROG_RUN_ARRAY return -err instead of allow boolean.
Exploit Details
The vulnerability can be exploited by an attacker using a BPF program on kernel_connect(), causing the call to return -EPERM and triggering an endless loop in xs_tcp_setup_socket(). This would result in the syslog being filled up and potential kernel freeze. The attacker would require access to the system to exploit this vulnerability.
Mitigation
The recommended mitigation is to update the Linux kernel to a version that includes the fix for this vulnerability, which remaps EPERM to ECONNREFUSED in the xs_tcp_setup_socket() function. Updating the kernel will ensure that the system is not exposed to this vulnerability and related risk.
Conclusion
This CVE-2024-42246 vulnerability in the Linux kernel's net, sunrpc subsystem has been identified and resolved, preventing potential kernel freezes and other related issues. By updating to a kernel version containing the fix, system administrators can protect their systems from this vulnerability.
Timeline
Published on: 08/07/2024 16:15:47 UTC
Last modified on: 08/08/2024 14:52:35 UTC