A vulnerability in the Linux kernel, reported by syzbot [] as an SCTP null-ptr-deref in reuseport_add_sock(), has recently been resolved. The issue arose from missing synchronization in the SCTP code paths that call reuseport_alloc(), reuseport_add_sock(), and reuseport_detach_sock().

This vulnerability could lead to general protection faults and null pointer dereferences. It was resolved by applying the same locking strategy that the TCP and UDP implementations already use, this time to the __sctp_hash_endpoint() and __sctp_unhash_endpoint() functions.

Beyond the crash itself, the missing synchronization meant that multiple identical reuseport groups could exist for the same endpoint. Only the group hit first in __sctp_rcv_lookup_endpoint() receives incoming packets, so traffic intended for the sockets in the other groups is effectively dropped, causing unintended packet loss.

The faulting location from the syzbot crash report is shown below:

reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350
Code: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d 0a ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14
RIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350

The original syzbot report for this issue is available here: []

As a Linux kernel user, please ensure your kernel is up to date with the latest patches to keep your system secure and stable.

References

[]: https://lore.kernel.org/syzbot/dffff56e9defbebce7f@syzkallergmail/

Timeline

Published on: 08/26/2024 11:15:05 UTC
Last modified on: 08/27/2024 16:09:01 UTC