CVE-2024-53047

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/11/2024
Last modified:
01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: init: protect sched with rcu_read_lock

Enabling CONFIG_PROVE_RCU_LIST with its dependence CONFIG_RCU_EXPERT creates this splat when an MPTCP socket is created:

=============================
WARNING: suspicious RCU usage
6.12.0-rc2+ #11 Not tainted
-----------------------------
net/mptcp/sched.c:44 RCU-list traversed in non-reader section!!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
no locks held by mptcp_connect/176.

stack backtrace:
CPU: 0 UID: 0 PID: 176 Comm: mptcp_connect Not tainted 6.12.0-rc2+ #11
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Call Trace:

dump_stack_lvl (lib/dump_stack.c:123)
lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822)
mptcp_sched_find (net/mptcp/sched.c:44 (discriminator 7))
mptcp_init_sock (net/mptcp/protocol.c:2867 (discriminator 1))
? sock_init_data_uid (arch/x86/include/asm/atomic.h:28)
inet_create.part.0.constprop.0 (net/ipv4/af_inet.c:386)
? __sock_create (include/linux/rcupdate.h:347 (discriminator 1))
__sock_create (net/socket.c:1576)
__sys_socket (net/socket.c:1671)
? __pfx___sys_socket (net/socket.c:1712)
? do_user_addr_fault (arch/x86/mm/fault.c:1419 (discriminator 1))
__x64_sys_socket (net/socket.c:1728)
do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1))
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)

That's because when the socket is initialised, rcu_read_lock() is not used despite the explicit comment written above the declaration of mptcp_sched_find() in sched.c. Adding the missing lock/unlock avoids the warning.
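An added example, not kernel code and not part of the CVE record: a userspace C model of the calling contract described above, with the unprotected lookup beside the protected one. The model_* names, the two counters and the one-entry list are assumptions made for illustration; they stand in for rcu_read_lock()/rcu_read_unlock(), the lockdep check and the MPTCP scheduler list.

```c
/* Userspace model (constructed): a lookup that must run in a reader section. */
#include <stdio.h>
#include <string.h>

struct sched { const char *name; struct sched *next; };

static struct sched sched_default = { "default", NULL };
static struct sched *sched_list = &sched_default; /* stands in for the RCU list */

static int reader_depth; /* models read-side nesting depth */
static int suspicious;   /* models "suspicious RCU usage" reports */

static void model_rcu_read_lock(void)   { reader_depth++; }
static void model_rcu_read_unlock(void) { reader_depth--; }

/* Contract: caller holds the read lock. A violation is counted, which is
 * what the PROVE_RCU_LIST check reports as a splat in the real kernel. */
static struct sched *model_sched_find(const char *name)
{
    if (reader_depth == 0)
        suspicious++; /* "RCU-list traversed in non-reader section!!" */
    for (struct sched *s = sched_list; s; s = s->next)
        if (strcmp(s->name, name) == 0)
            return s;
    return NULL;
}

/* Before the fix: lookup with no reader section. Returns violations seen. */
int init_sock_unprotected(void)
{
    suspicious = 0;
    return model_sched_find("default") ? suspicious : -1;
}

/* After the fix: lookup and use of the result both sit inside lock/unlock,
 * because an RCU-protected pointer is only safe to use in that window. */
int init_sock_protected(void)
{
    int found;

    suspicious = 0;
    model_rcu_read_lock();
    found = model_sched_find("default") != NULL;
    model_rcu_read_unlock();
    return found ? suspicious : -1;
}

int main(void)
{
    printf("unprotected: %d report(s)\n", init_sock_unprotected());
    printf("protected:   %d report(s)\n", init_sock_protected());
    return 0;
}
```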

Vulnerable products and versions

CPE                                                From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       6.6 (including)    6.6.60 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       6.7 (including)    6.11.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*