CVE-2024-49944

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/10/2024
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start

In sctp_listen_start() invoked by sctp_inet_listen(), it should set the sk_state back to CLOSED if sctp_autobind() fails due to whatever reason.

Otherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)->reuse is already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)->bind_hash will be dereferenced as sk_state is LISTENING, which causes a crash as bind_hash is NULL.

KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617
Call Trace:
__sys_listen_socket net/socket.c:1883 [inline]
__sys_listen+0x1b7/0x230 net/socket.c:1894
__do_sys_listen net/socket.c:1902 [inline]
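The state handling described above, as a user-space C model added here for illustration; it is not kernel code and not part of the original record. It shows why leaving sk_state at LISTENING after a failed autobind sends the next listen call down the path that uses bind_hash, and how restoring CLOSED avoids it. The `model_*` names, the `autobind_fails` knob, the `-EAGAIN` return value and the `-EFAULT` marker (standing in for the kernel's NULL dereference) are assumptions of this model.

```c
#include <errno.h>
#include <stdio.h>

/* User-space model only: field names mirror the description, logic is simplified. */
enum model_state { MODEL_CLOSED, MODEL_LISTENING };
struct model_bucket { int fastreuse; };
struct model_sock {
    enum model_state sk_state;
    int reuse;                              /* as set by setsockopt(SCTP_REUSE_PORT) */
    int autobind_fails;                     /* constructed knob: make autobind fail */
    struct model_bucket bucket, *bind_hash; /* bind_hash stays NULL until bound */
};

static int model_listen_start(struct model_sock *sk, int patched)
{
    sk->sk_state = MODEL_LISTENING;
    if (sk->autobind_fails) {               /* stands in for sctp_autobind() failing */
        if (patched)                        /* the fix: back to CLOSED on failure */
            sk->sk_state = MODEL_CLOSED;
        return -EAGAIN;
    }
    sk->bind_hash = &sk->bucket;            /* a successful bind sets bind_hash */
    return 0;
}

static int model_inet_listen(struct model_sock *sk, int patched)
{
    if (sk->sk_state != MODEL_LISTENING)
        return model_listen_start(sk, patched);
    if (sk->reuse) {
        if (!sk->bind_hash)
            return -EFAULT;                 /* the kernel dereferences NULL here */
        sk->bind_hash->fastreuse = 1;
    }
    return 0;
}

/* Two listen calls on a socket with reuse set and a failing autobind. */
static int second_listen_result(int patched)
{
    struct model_sock sk = { .reuse = 1, .autobind_fails = 1 }; /* constructed input */
    (void)model_inet_listen(&sk, patched);
    return model_inet_listen(&sk, patched);
}

int main(void)
{
    printf("unpatched: %d, patched: %d\n", second_listen_result(0), second_listen_result(1));
    return 0;
}
```

In the unpatched model the second call reports the NULL bind_hash path; in the patched model it simply retries the bind and fails cleanly again.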

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 2.6.30 (including) 5.10.227 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.168 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.113 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.55 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.10.14 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.11 (including) 6.11.3 (excluding)
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*