CVE-2024-53124

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Dec 2, 2024
Updated: Dec 11, 2024
CWE ID 362

Summary

CVE-2024-53124 is a vulnerability affecting the Linux kernel that involves data races around sk->sk_forward_alloc in net modules. Two threads calling tcp_v6_do_rcv() or dccp_v6_do_rcv() concurrently with sk->sk_state as TCP_LISTEN and sk->sk_lock unset can trigger this issue. This may result in incorrect memory handling, leading to potential security vulnerabilities. The vulnerability was discovered using Syzkaller, and the affected functions include sk_mem_schedule, sk_mem_charge, sk_mem_uncharge, and sk_mem_reclaim. The issue arises due to the incorrect usage of skb_clone_and_charge_r() in tcp_v6_do_rcv() when sk->sk_state is TCP_LISTEN. The Linux kernel developers have resolved this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share