A vulnerability in the Linux kernel's net/smc subsystem, tracked as CVE-2024-57791, was recently disclosed and fixed. It allowed a peer on the network to drive the kernel into a deadloop (an endless loop that never returns) while receiving CLC handshake messages, which amounts to a remote denial of service. In this long read, we'll dive into the details of the vulnerability, the patch that fixes it, and how to ensure your systems are secure.
Background
The Linux kernel is the core component of the Linux operating system and is responsible for managing system resources, such as memory and processes. The kernel contains various subsystems, among them net/smc, which implements the SMC (Shared Memory Communications, RFC 7609) network protocol. An SMC connection starts with a CLC (Connection Layer Control) handshake carried over an ordinary TCP socket, and the messages exchanged in that handshake are the "clc messages" discussed below. Because they arrive from the remote peer, their contents are attacker-controlled input.
The Vulnerability (CVE-2024-57791)
The vulnerability lies in the net/smc subsystem of the Linux kernel, specifically in the handling of the length field of smc_clc_msg_hdr. When receiving a clc message, the length field in smc_clc_msg_hdr indicates how many bytes of the message are to be read from the network. However, this value must not be fully trusted, since it comes from the network itself. If the value of length exceeds the value of buflen in the function smc_clc_wait_msg, the kernel reads buflen bytes into its buffer and then tries to drain the remaining length - buflen bytes in a loop, subtracting what sock_recvmsg returns from the outstanding count each pass. Before the fix, that return value was not checked: if the peer closes the connection (sock_recvmsg returns 0) or an error occurs (a negative value) before the advertised bytes arrive, the outstanding count never reaches zero and the loop spins forever, a deadloop. A peer can trigger this by advertising a large length, sending fewer bytes than advertised, and closing the connection.
Here's a reference to the original commit from the Linux kernel git repository that fixed the issue
The Patch
The patch that resolves this vulnerability adds a check on the return value of sock_recvmsg while draining data in the clc message handling. If the call returns 0 or an error, the drain loop is abandoned instead of being retried, so the deadloop can no longer occur and the handshake simply fails.
Before
    if (!received) {
        /* receive up to buflen bytes of the clc message */
        err = sock_recvmsg(sk, &msg, buflen, 0);
        if (err <= 0)
            break;
        smc_rxbuf_pull_data(rxbuf, buflen, rmb_seq);
    }
After
    if (!received) {
        /* receive up to buflen bytes of the clc message */
        err = sock_recvmsg(sk, &msg, buflen, 0);
        if (err <= 0)
            break;
        smc_rxbuf_pull_data(rxbuf, buflen, rmb_seq);
    } else {
        /* drain the bytes beyond buflen; stop on EOF (0) or error (< 0) */
        err = sock_recvmsg(sk, &msg, length, 0);
        if (err <= 0)
            break;
    }
As you can see, the patch adds an else branch that checks the return value of sock_recvmsg when the clc message length exceeds buflen. Note that this listing is a simplified sketch: the function and variable names are illustrative rather than the kernel's own, and in the actual smc_clc_wait_msg the check is an if (len <= 0) inside the drain loop that aborts the handshake with EPROTO. The principle is the same: a 0 or negative return from sock_recvmsg must terminate the loop, never be fed back into the byte count.
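To make the failure mode concrete, here is a user-space model of the drain loop from the vulnerability description and the patch above. This is an added example, not kernel code: fake_recv stands in for sock_recvmsg (returning bytes received, 0 on peer close, or a negative errno), CLC_RECV_BUF_LEN is an assumed chunk size, and drain_unchecked carries an artificial iteration cap so the demonstration terminates where the real pre-fix loop would not.

```c
/* Added example: user-space model of the CLC drain loop before/after the fix. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <errno.h>

#define CLC_RECV_BUF_LEN 64      /* assumed drain chunk size (not the kernel's value) */

/* Constructed peer: delivers 'avail' bytes in total, then every further
 * recv returns 'on_exhaust' (0 = orderly close, or a negative errno). */
struct fake_peer {
    int avail;
    int on_exhaust;
};

/* Stand-in for sock_recvmsg(): returns bytes copied, 0 on EOF, <0 on error. */
static int fake_recv(struct fake_peer *p, void *buf, int len)
{
    if (p->avail <= 0)
        return p->on_exhaust;
    if (len > p->avail)
        len = p->avail;
    memset(buf, 0xAB, (size_t)len);
    p->avail -= len;
    return len;
}

/* Pre-fix behaviour: the return value is subtracted blindly.  A 0 leaves
 * datlen unchanged and a negative errno makes it grow, so the loop never
 * ends.  'max_iters' caps the demo; returns iterations used, or -1 when the
 * cap is hit (i.e. the real loop would spin forever). */
static long drain_unchecked(struct fake_peer *p, int datlen, long max_iters)
{
    uint8_t tmp[CLC_RECV_BUF_LEN];
    long iters = 0;

    while (datlen) {
        int recvlen = datlen > CLC_RECV_BUF_LEN ? CLC_RECV_BUF_LEN : datlen;
        int len = fake_recv(p, tmp, recvlen);

        datlen -= len;           /* bug: len <= 0 never advances the count */
        if (++iters >= max_iters)
            return -1;
    }
    return iters;
}

/* Post-fix behaviour: EOF or error aborts the handshake with -EPROTO.
 * Returns 0 once all advertised bytes were drained. */
static int drain_checked(struct fake_peer *p, int datlen)
{
    uint8_t tmp[CLC_RECV_BUF_LEN];

    while (datlen) {
        int recvlen = datlen > CLC_RECV_BUF_LEN ? CLC_RECV_BUF_LEN : datlen;
        int len = fake_recv(p, tmp, recvlen);

        if (len <= 0)
            return -EPROTO;      /* the fix: do not loop on 0 or error */
        datlen -= len;
    }
    return 0;
}

int main(void)
{
    /* Honest peer: header advertises 1000 bytes, 200 fit the buffer,
     * 800 remain to drain and the peer really sends them. */
    struct fake_peer honest = { 800, 0 };
    printf("honest peer, unchecked: %ld iterations\n",
           drain_unchecked(&honest, 800, 100000));

    /* Malicious peer: advertises 65535 bytes, sends 100 past the buffer,
     * then closes.  Unchecked loop spins; checked loop fails cleanly. */
    struct fake_peer liar = { 100, 0 };
    printf("lying peer, unchecked: %ld (-1 = would spin forever)\n",
           drain_unchecked(&liar, 65535 - 200, 100000));
    struct fake_peer liar2 = { 100, 0 };
    printf("lying peer, checked: %d (-EPROTO = %d)\n",
           drain_checked(&liar2, 65535 - 200), -EPROTO);
    return 0;
}
```

Run it and compare the two malicious-peer cases: the unchecked loop hits the cap (in the kernel it would pin the CPU in smc_clc_wait_msg), while the checked loop returns -EPROTO after the same short read. The same holds when the fake peer reports an error instead of EOF, which is why the fix tests len <= 0 rather than len == 0.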
Conclusion
This vulnerability in the Linux kernel's net/smc subsystem is a reminder that any length field taken from the network must be treated as untrusted, and that every read in a loop must handle a short read, EOF and error results. It also highlights the importance of keeping systems running Linux patched: stay current with your kernel's stable or distribution updates rather than assuming a recent release is enough.
To protect your systems from this specific vulnerability (CVE-2024-57791), run a kernel that contains the fix, which introduces the check on the return value of sock_recvmsg when draining data in clc message handling. Check your running kernel with uname -r against your distribution's advisory for CVE-2024-57791, and reboot after installing the updated kernel package. If the machine does not use SMC at all, the vulnerable code is only reachable when the smc module is loaded (see lsmod | grep smc), so keeping that module unloaded or blacklisted is a sensible reduction of attack surface until the patched kernel is in place.
If you are running a Linux distribution, follow your distribution's specific instructions on how to update your kernel and apply patches as necessary.
Timeline
Published on: 01/11/2025 13:15:29 UTC
Last modified on: 01/20/2025 06:28:12 UTC