CVE-2024-42246
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Aug 7, 2024
Updated: Sep 12, 2024
CWE ID 835
Summary
CVE-2024-42246 is a Linux kernel vulnerability affecting the net and sunrpc modules. When using a BPF program with kernel_connect(), a return value of -EPERM from xs_tcp_setup_socket() causes an infinite loop and potential kernel freeze. A suggested remediation involves mapping -EPERM to a more expected network error, such as ECONNREFUSED, ensuring consistency across different layers and kernel versions. UDP already handles -EPERM in xs_udp_send_request().
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share