CVE-2024-42246
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 07/08/2024
Last modified: 03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket

When using a BPF program on kernel_connect(), the call can return -EPERM. This
causes xs_tcp_setup_socket() to loop forever, filling up the syslog and causing
the kernel to potentially freeze up.

Neil suggested:

  This will propagate -EPERM up into other layers which might not be ready
  to handle it. It might be safer to map EPERM to an error we would be more
  likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.

ECONNREFUSED as error seems reasonable. For programs setting a different error
can be out of reach (see handling in 4fbac77d2d09) in particular on kernels
which do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -err
instead of allow boolean"), thus given that it is better to simply remap for
consistent behavior. UDP does handle EPERM in xs_udp_send_request().
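
The failure mode described above, as an added user-space model (not the kernel's code and not part of the original record). It assumes a reconnect worker that treats a fixed set of network errors as final and logs and retries anything else; `blocked_connect`, `classify`, `reconnect` and the `max_attempts` cap are hypothetical names introduced for the illustration.

```c
#include <errno.h>
#include <stdio.h>

struct result { int status; unsigned attempts; unsigned log_lines; };

/* Constructed stand-in for kernel_connect() when a BPF program rejects
 * the connection: every attempt fails with -EPERM. */
static int blocked_connect(void) { return -EPERM; }

/* Assumed model of a reconnect worker's error handling: errors it knows
 * are final, anything else is logged and turned into -EAGAIN (retry). */
static int classify(int status, int remap_eperm, unsigned *log_lines)
{
    if (remap_eperm && status == -EPERM)
        status = -ECONNREFUSED;     /* the remap the description proposes */

    switch (status) {
    case 0:
    case -ECONNREFUSED:
    case -ECONNRESET:
    case -ENETDOWN:
    case -ENETUNREACH:
    case -EHOSTUNREACH:
        return status;              /* final: reported to the caller */
    default:
        (*log_lines)++;             /* one "unhandled error" log line */
        return -EAGAIN;
    }
}

/* Retry until a final status; max_attempts exists only so the demo ends. */
static struct result reconnect(int remap_eperm, unsigned max_attempts)
{
    struct result r = { -EAGAIN, 0, 0 };
    while (r.status == -EAGAIN && r.attempts < max_attempts) {
        r.attempts++;
        r.status = classify(blocked_connect(), remap_eperm, &r.log_lines);
    }
    return r;
}

int main(void)
{
    struct result a = reconnect(0, 1000), b = reconnect(1, 1000);
    printf("no remap: %u attempts, %u log lines\n", a.attempts, a.log_lines);
    printf("remap:    %u attempts, %u log lines\n", b.attempts, b.log_lines);
    return 0;
}
```

Without the remap the model only stops because of the demo cap, writing one log line per attempt; with the remap the first attempt ends with -ECONNREFUSED and nothing is logged.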
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.17 (including) | 6.1.100 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.41 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.9.10 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/02ee1976edb21a96ce8e3fd4ef563f14cc16d041
- https://git.kernel.org/stable/c/5d8254e012996cee1a0f9cc920531cb7e4d9a011
- https://git.kernel.org/stable/c/626dfed5fa3bfb41e0dffd796032b555b69f9cde
- https://git.kernel.org/stable/c/934247ea65bc5eca8bdb7f8c0ddc15cef992a5d6
- https://git.kernel.org/stable/c/bc790261218952635f846aaf90bcc0974f6f62c6
- https://git.kernel.org/stable/c/d6c686c01c5f12ff8f7264e0ddf71df6cb0d4414
- https://git.kernel.org/stable/c/f2431e7db0fe0daccb2f06bb0d23740affcd2fa6
- https://git.kernel.org/stable/c/f388cfd913a2b96c05339a335f365795db1b36b6
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html



