Understanding CVE-2024-36972: A Critical Vulnerability in the Linux Kernel

Welcome to LinuxPatch, where we prioritize keeping you informed and secure. Today we're looking at a vulnerability that affects a very large share of systems running the Linux kernel. CVE-2024-36972, a recently disclosed and patched high-severity flaw in UNIX domain socket handling, is one that every Linux user and administrator should understand.

What is CVE-2024-36972?

CVE-2024-36972 is a race condition in the Linux kernel's handling of out-of-band (MSG_OOB) data on UNIX domain sockets (AF_UNIX). The pointer unix_sk(sk)->oob_skb, which records the pending out-of-band buffer for a socket, was updated without adequate synchronization, so two kernel paths could modify it at the same time and one of them could then dereference a NULL pointer.

The race was reported by security researcher Billy Jheng Bing-Jhong, and it sits between the socket garbage collector, __unix_gc(), and the out-of-band queuing path, queue_oob(). __unix_gc() cleans up sockets that have been close()d while still "in flight", that is, passed to another process as a file descriptor over SCM_RIGHTS. When such a socket still has pending out-of-band data, the collector drops that buffer and sets unix_sk(sk)->oob_skb to NULL, and it did so without taking the lock that the queuing path relies on. Meanwhile the peer socket is still allowed to send MSG_OOB data, so queue_oob() can read and replace the same pointer at the same moment. Depending on how the two paths interleave, one of them ends up working with a pointer the other has already cleared.

The result is a kernel NULL pointer dereference, which brings down the whole machine (a kernel oops or panic) rather than a single process; on a container or multi-tenant host, every workload sharing that kernel goes down with it. The reported crash surfaces in the kernel's socket-buffer (sk_buff) code, for example in skb_dequeue(), the routine that removes buffers from a socket's receive queue, once the out-of-band bookkeeping and the actual queue contents have gone out of step.

Impact and Severity

The severity of CVE-2024-36972 is rated high, with a CVSS score of 7.5. The impact is a kernel crash (denial of service); the score is tempered by the fact that the race window has to be hit, which makes reliable triggering harder. Two caveats matter in practice. First, AF_UNIX is local IPC, so an attacker needs to run code on the host, but the ingredients (a socket passed between processes and a peer sending MSG_OOB) require no privileges: a local user, a compromised service account or a process inside a container is enough. Second, "systems using Unix domain sockets" is effectively every Linux system, since systemd, D-Bus, container runtimes and most daemons rely on them; what matters is that the kernel code is reachable, not whether your own applications use AF_UNIX. Shared-kernel environments such as container hosts are the most exposed, because one tenant's crash takes down everyone.

Resolving the Vulnerability

The fix makes both paths update unix_sk(sk)->oob_skb under the same lock, the spinlock on the socket's receive queue (sk_receive_queue). The garbage collector now takes that lock before reading and clearing the pointer, and queue_oob() holds it while replacing the pointer and appending the new buffer, so each side sees either the old value or the new one, never a half-finished update. One further adjustment was needed: freeing a socket buffer with kfree_skb() while holding the receive-queue lock produces a false-positive warning from lockdep, the kernel's lock-dependency checker, so manage_oob() was changed to release the lock first and free the buffer afterwards.
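To make the race and the fix concrete, here is an added example written for this article; it is a userspace model, not code from the kernel or from the patch. It plays out one interleaving: the garbage collector runs exactly between queue_oob() reading the old out-of-band buffer and dropping its reference. In the pre-fix shape both paths release the same buffer, and a later drain of the queue touches an already freed buffer (the model counts that instead of crashing; the kernel's own symptom was the NULL dereference described above, but the cause is the same unserialized read-modify-write). In the post-fix shape both paths take the receive-queue lock around the pointer update and the free is moved outside the lock, so the collector runs either before the swap or after it, never in the middle. The struct and function names (usock, skb_drop, rq_lock, gc_*, queue_oob_*, run_scenario) are stand-ins, and the lock is a plain flag because the model is single-threaded.

```c
/* Added example, not kernel code: a deterministic single-threaded model of the
 * oob_skb race and of the locking discipline the patch introduces.  All names
 * (usock, skb, rq_*, gc_*, queue_oob_*) are stand-ins chosen for this example;
 * the lock is a flag because only one interleaving is simulated. */
#include <stdbool.h>
#include <stdio.h>

struct skb { int refcnt; bool freed; };   /* stand-in for struct sk_buff */

struct usock {                     /* stand-in for struct unix_sock */
    bool rq_locked;                /* models sk_receive_queue.lock */
    struct skb *oob_skb;           /* models unix_sk(sk)->oob_skb */
    struct skb *queue[4];          /* models sk_receive_queue */
    int qlen;
    bool gc_pending;               /* GC arrived while rq_lock was held */
    int bad_drops;                 /* reference drops on an already freed skb */
};

static void rq_lock(struct usock *u)   { u->rq_locked = true; } /* a real spinlock would spin if held */
static void rq_unlock(struct usock *u) { u->rq_locked = false; }
static bool rq_trylock(struct usock *u)
{
    if (u->rq_locked) return false;
    u->rq_locked = true;
    return true;
}

/* kfree_skb()/consume_skb() stand-in: counts a double free instead of crashing. */
static void skb_drop(struct usock *u, struct skb *s)
{
    if (s->freed) { u->bad_drops++; return; }
    if (--s->refcnt == 0) s->freed = true;
}

/* Pre-fix shape of __unix_gc(): clears oob_skb with no lock held at all. */
static void gc_unlocked(struct usock *u)
{
    struct skb *old = u->oob_skb;
    if (old) { u->oob_skb = NULL; skb_drop(u, old); }
}

/* Pre-fix shape of queue_oob(): reading the old oob_skb and dropping its
 * reference are not serialized with the GC.  `preempt` models the GC running
 * on another CPU exactly between those two steps. */
static void queue_oob_unlocked(struct usock *u, struct skb *skb,
                               void (*preempt)(struct usock *))
{
    struct skb *old = u->oob_skb;
    if (preempt) preempt(u);
    if (old) skb_drop(u, old);   /* may drop a reference the GC already dropped */
    skb->refcnt++;               /* skb_get(): oob_skb holds its own reference */
    u->oob_skb = skb;
    rq_lock(u);
    u->queue[u->qlen++] = skb;
    rq_unlock(u);
}

/* Post-fix shape of the GC: read and clear oob_skb under rq_lock, free only
 * after unlocking.  With wait == false it models the GC arriving while
 * queue_oob() holds the lock: it cannot proceed and is marked pending. */
static void gc_locked(struct usock *u, bool wait)
{
    struct skb *old;
    if (wait) rq_lock(u);
    else if (!rq_trylock(u)) { u->gc_pending = true; return; }
    old = u->oob_skb;
    u->oob_skb = NULL;
    rq_unlock(u);
    if (old) skb_drop(u, old);   /* free happens outside the lock */
}
static void gc_preempt_locked(struct usock *u) { gc_locked(u, false); }

/* Post-fix shape of queue_oob(): the whole swap happens under rq_lock; the
 * old buffer is released only after the lock is dropped. */
static void queue_oob_locked(struct usock *u, struct skb *skb,
                             void (*preempt)(struct usock *))
{
    struct skb *old;
    rq_lock(u);
    old = u->oob_skb;
    if (preempt) preempt(u);     /* the GC now has to wait for us */
    skb->refcnt++;
    u->oob_skb = skb;
    u->queue[u->qlen++] = skb;
    rq_unlock(u);
    if (old) skb_drop(u, old);
}

/* Scenario: oob_skb already points at buffer A (one reference from the receive
 * queue, one from oob_skb); the peer queues buffer B at the moment the GC
 * tears the socket down; then the socket is released and its queue drained.
 * Returns how many references were dropped on an already freed buffer. */
static int run_scenario(bool fixed)
{
    struct usock u = { 0 };
    struct skb a = { 2, false }, b = { 1, false };
    int i;
    u.oob_skb = &a;
    u.queue[u.qlen++] = &a;
    if (fixed) {
        queue_oob_locked(&u, &b, gc_preempt_locked);
        if (u.gc_pending) gc_locked(&u, true);  /* runs once the lock is free */
    } else {
        queue_oob_unlocked(&u, &b, gc_unlocked);
    }
    /* release: drop the oob reference, then every queued buffer's reference */
    if (u.oob_skb) skb_drop(&u, u.oob_skb);
    for (i = 0; i < u.qlen; i++) skb_drop(&u, u.queue[i]);
    return u.bad_drops;
}

int main(void)
{
    printf("pre-fix  drops on a freed skb: %d\n", run_scenario(false));  /* 1 */
    printf("post-fix drops on a freed skb: %d\n", run_scenario(true));   /* 0 */
    return 0;
}
```

Compile with any C99 compiler and run; the pre-fix scenario reports one drop on a freed buffer and the post-fix scenario reports none. The invariant worth carrying into a real code review is the one the patch restores: every reader and writer of oob_skb holds the same lock, and anything that may take other locks, such as freeing the buffer, happens after that lock is released.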

What Should You Do?

If you're responsible for Linux systems, update to a kernel that contains this fix: it is in mainline and has been backported to the stable series, so your distribution's kernel update for CVE-2024-36972 is the package to install. Remember that a kernel update only takes effect after a reboot (or through your distribution's live-patching service); a patched package that is not yet the running kernel leaves you exposed. Out-of-band support for AF_UNIX is built in only when the kernel is configured with CONFIG_AF_UNIX_OOB, so a kernel built without it does not contain the affected code; you can check with grep CONFIG_AF_UNIX_OOB /boot/config-$(uname -r). Distribution kernels normally enable it, so treat that check as a way to confirm exposure, not as a mitigation: there is no runtime switch for the feature, and patching is the fix. As always, keep systems current with security patches to protect against known vulnerabilities.

Thank you for staying informed with LinuxPatch. Stay tuned for more updates and guides on keeping your systems secure. Understanding and applying security patches promptly is fundamental to maintaining the integrity and reliability of your infrastructure.