CVE-2024-50034 (GCVE-0-2024-50034)
Vulnerability from cvelistv5
Published
2024-10-21 19:39
Modified
2025-05-04 09:44
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC Eric report a panic on IPPROTO_SMC, and give the facts that when INET_PROTOSW_ICSK was set, icsk->icsk_sync_mss must be set too. Bug: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Mem abort info: ESR = 0x0000000086000005 EC = 0x21: IABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x05: level 1 translation fault user pgtable: 4k pages, 48-bit VAs, pgdp=00000001195d1000 [0000000000000000] pgd=0800000109c46003, p4d=0800000109c46003, pud=0000000000000000 Internal error: Oops: 0000000086000005 [#1] PREEMPT SMP Modules linked in: CPU: 1 UID: 0 PID: 8037 Comm: syz.3.265 Not tainted 6.11.0-rc7-syzkaller-g5f5673607153 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : 0x0 lr : cipso_v4_sock_setattr+0x2a8/0x3c0 net/ipv4/cipso_ipv4.c:1910 sp : ffff80009b887a90 x29: ffff80009b887aa0 x28: ffff80008db94050 x27: 0000000000000000 x26: 1fffe0001aa6f5b3 x25: dfff800000000000 x24: ffff0000db75da00 x23: 0000000000000000 x22: ffff0000d8b78518 x21: 0000000000000000 x20: ffff0000d537ad80 x19: ffff0000d8b78000 x18: 1fffe000366d79ee x17: ffff8000800614a8 x16: ffff800080569b84 x15: 0000000000000001 x14: 000000008b336894 x13: 00000000cd96feaa x12: 0000000000000003 x11: 0000000000040000 x10: 00000000000020a3 x9 : 1fffe0001b16f0f1 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f x5 : 0000000000000040 x4 : 0000000000000001 x3 : 0000000000000000 x2 : 0000000000000002 x1 : 0000000000000000 x0 : ffff0000d8b78000 Call trace: 0x0 netlbl_sock_setattr+0x2e4/0x338 net/netlabel/netlabel_kapi.c:1000 smack_netlbl_add+0xa4/0x154 security/smack/smack_lsm.c:2593 smack_socket_post_create+0xa8/0x14c security/smack/smack_lsm.c:2973 security_socket_post_create+0x94/0xd4 security/security.c:4425 __sock_create+0x4c8/0x884 net/socket.c:1587 sock_create net/socket.c:1622 [inline] __sys_socket_create net/socket.c:1659 [inline] __sys_socket+0x134/0x340 net/socket.c:1706 __do_sys_socket net/socket.c:1720 [inline] __se_sys_socket net/socket.c:1718 [inline] __arm64_sys_socket+0x7c/0x94 net/socket.c:1718 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 Code: ???????? ???????? ???????? ???????? (????????) ---[ end trace 0000000000000000 ]--- This patch add a toy implementation that performs a simple return to prevent such panic. This is because MSS can be set in sock_create_kern or smc_setsockopt, similar to how it's done in AF_SMC. However, for AF_SMC, there is currently no way to synchronize MSS within __sys_connect_file. This toy implementation lays the groundwork for us to support such feature for IPPROTO_SMC in the future.
References
Impacted products
Vendor Product Version
Linux Linux Version: d25a92ccae6bed02327b63d138e12e7806830f78
Version: d25a92ccae6bed02327b63d138e12e7806830f78
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-50034",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:25:41.741757Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:28:45.301Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/smc/smc_inet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "44dc50df15f5bd4221d8f708885a9d49cda7f57e",
              "status": "affected",
              "version": "d25a92ccae6bed02327b63d138e12e7806830f78",
              "versionType": "git"
            },
            {
              "lessThan": "6fd27ea183c208e478129a85e11d880fc70040f2",
              "status": "affected",
              "version": "d25a92ccae6bed02327b63d138e12e7806830f78",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/smc/smc_inet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.11"
            },
            {
              "lessThan": "6.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.4",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC\n\nEric report a panic on IPPROTO_SMC, and give the facts\nthat when INET_PROTOSW_ICSK was set, icsk-\u003eicsk_sync_mss must be set too.\n\nBug: Unable to handle kernel NULL pointer dereference at virtual address\n0000000000000000\nMem abort info:\nESR = 0x0000000086000005\nEC = 0x21: IABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x05: level 1 translation fault\nuser pgtable: 4k pages, 48-bit VAs, pgdp=00000001195d1000\n[0000000000000000] pgd=0800000109c46003, p4d=0800000109c46003,\npud=0000000000000000\nInternal error: Oops: 0000000086000005 [#1] PREEMPT SMP\nModules linked in:\nCPU: 1 UID: 0 PID: 8037 Comm: syz.3.265 Not tainted\n6.11.0-rc7-syzkaller-g5f5673607153 #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 08/06/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : 0x0\nlr : cipso_v4_sock_setattr+0x2a8/0x3c0 net/ipv4/cipso_ipv4.c:1910\nsp : ffff80009b887a90\nx29: ffff80009b887aa0 x28: ffff80008db94050 x27: 0000000000000000\nx26: 1fffe0001aa6f5b3 x25: dfff800000000000 x24: ffff0000db75da00\nx23: 0000000000000000 x22: ffff0000d8b78518 x21: 0000000000000000\nx20: ffff0000d537ad80 x19: ffff0000d8b78000 x18: 1fffe000366d79ee\nx17: ffff8000800614a8 x16: ffff800080569b84 x15: 0000000000000001\nx14: 000000008b336894 x13: 00000000cd96feaa x12: 0000000000000003\nx11: 0000000000040000 x10: 00000000000020a3 x9 : 1fffe0001b16f0f1\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f\nx5 : 0000000000000040 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : 0000000000000002 x1 : 0000000000000000 x0 : ffff0000d8b78000\nCall trace:\n0x0\nnetlbl_sock_setattr+0x2e4/0x338 net/netlabel/netlabel_kapi.c:1000\nsmack_netlbl_add+0xa4/0x154 security/smack/smack_lsm.c:2593\nsmack_socket_post_create+0xa8/0x14c security/smack/smack_lsm.c:2973\nsecurity_socket_post_create+0x94/0xd4 security/security.c:4425\n__sock_create+0x4c8/0x884 net/socket.c:1587\nsock_create net/socket.c:1622 [inline]\n__sys_socket_create net/socket.c:1659 [inline]\n__sys_socket+0x134/0x340 net/socket.c:1706\n__do_sys_socket net/socket.c:1720 [inline]\n__se_sys_socket net/socket.c:1718 [inline]\n__arm64_sys_socket+0x7c/0x94 net/socket.c:1718\n__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\nel0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712\nel0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\nCode: ???????? ???????? ???????? ???????? (????????)\n---[ end trace 0000000000000000 ]---\n\nThis patch add a toy implementation that performs a simple return to\nprevent such panic. This is because MSS can be set in sock_create_kern\nor smc_setsockopt, similar to how it\u0027s done in AF_SMC. However, for\nAF_SMC, there is currently no way to synchronize MSS within\n__sys_connect_file. This toy implementation lays the groundwork for us\nto support such feature for IPPROTO_SMC in the future."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:44:18.866Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/44dc50df15f5bd4221d8f708885a9d49cda7f57e"
        },
        {
          "url": "https://git.kernel.org/stable/c/6fd27ea183c208e478129a85e11d880fc70040f2"
        }
      ],
      "title": "net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50034",
    "datePublished": "2024-10-21T19:39:35.785Z",
    "dateReserved": "2024-10-21T12:17:06.070Z",
    "dateUpdated": "2025-05-04T09:44:18.866Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-50034\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-10-21T20:15:16.553\",\"lastModified\":\"2024-10-24T19:56:29.170\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC\\n\\nEric report a panic on IPPROTO_SMC, and give the facts\\nthat when INET_PROTOSW_ICSK was set, icsk-\u003eicsk_sync_mss must be set too.\\n\\nBug: Unable to handle kernel NULL pointer dereference at virtual address\\n0000000000000000\\nMem abort info:\\nESR = 0x0000000086000005\\nEC = 0x21: IABT (current EL), IL = 32 bits\\nSET = 0, FnV = 0\\nEA = 0, S1PTW = 0\\nFSC = 0x05: level 1 translation fault\\nuser pgtable: 4k pages, 48-bit VAs, pgdp=00000001195d1000\\n[0000000000000000] pgd=0800000109c46003, p4d=0800000109c46003,\\npud=0000000000000000\\nInternal error: Oops: 0000000086000005 [#1] PREEMPT SMP\\nModules linked in:\\nCPU: 1 UID: 0 PID: 8037 Comm: syz.3.265 Not tainted\\n6.11.0-rc7-syzkaller-g5f5673607153 #0\\nHardware name: Google Google Compute Engine/Google Compute Engine,\\nBIOS Google 08/06/2024\\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\npc : 0x0\\nlr : cipso_v4_sock_setattr+0x2a8/0x3c0 net/ipv4/cipso_ipv4.c:1910\\nsp : ffff80009b887a90\\nx29: ffff80009b887aa0 x28: ffff80008db94050 x27: 0000000000000000\\nx26: 1fffe0001aa6f5b3 x25: dfff800000000000 x24: ffff0000db75da00\\nx23: 0000000000000000 x22: ffff0000d8b78518 x21: 0000000000000000\\nx20: ffff0000d537ad80 x19: ffff0000d8b78000 x18: 1fffe000366d79ee\\nx17: ffff8000800614a8 x16: ffff800080569b84 x15: 0000000000000001\\nx14: 000000008b336894 x13: 00000000cd96feaa x12: 0000000000000003\\nx11: 0000000000040000 x10: 00000000000020a3 x9 : 1fffe0001b16f0f1\\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f\\nx5 : 0000000000000040 x4 : 0000000000000001 x3 : 0000000000000000\\nx2 : 0000000000000002 x1 : 0000000000000000 x0 : ffff0000d8b78000\\nCall trace:\\n0x0\\nnetlbl_sock_setattr+0x2e4/0x338 net/netlabel/netlabel_kapi.c:1000\\nsmack_netlbl_add+0xa4/0x154 security/smack/smack_lsm.c:2593\\nsmack_socket_post_create+0xa8/0x14c security/smack/smack_lsm.c:2973\\nsecurity_socket_post_create+0x94/0xd4 security/security.c:4425\\n__sock_create+0x4c8/0x884 net/socket.c:1587\\nsock_create net/socket.c:1622 [inline]\\n__sys_socket_create net/socket.c:1659 [inline]\\n__sys_socket+0x134/0x340 net/socket.c:1706\\n__do_sys_socket net/socket.c:1720 [inline]\\n__se_sys_socket net/socket.c:1718 [inline]\\n__arm64_sys_socket+0x7c/0x94 net/socket.c:1718\\n__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\\nel0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712\\nel0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\\nCode: ???????? ???????? ???????? ???????? (????????)\\n---[ end trace 0000000000000000 ]---\\n\\nThis patch add a toy implementation that performs a simple return to\\nprevent such panic. This is because MSS can be set in sock_create_kern\\nor smc_setsockopt, similar to how it\u0027s done in AF_SMC. However, for\\nAF_SMC, there is currently no way to synchronize MSS within\\n__sys_connect_file. This toy implementation lays the groundwork for us\\nto support such feature for IPPROTO_SMC in the future.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: corrige la falta de icsk_syn_mss con IPPROTO_SMC Eric informa un p\u00e1nico en IPPROTO_SMC y proporciona los hechos de que cuando se configura INET_PROTOSW_ICSK, tambi\u00e9n se debe configurar icsk-\u0026gt;icsk_sync_mss. Error: No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000000 Informaci\u00f3n de aborto de memoria: ESR = 0x0000000086000005 EC = 0x21: IABT (EL actual), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x05: error de traducci\u00f3n de nivel 1 usuario pgtable: 4k p\u00e1ginas, VA de 48 bits, pgdp=00000001195d1000 [000000000000000] pgd=0800000109c46003, p4d=0800000109c46003, pud=000000000000000 Error interno: Oops: 0000000086000005 [#1] M\u00f3dulos PREEMPT SMP vinculados en: CPU: 1 UID: 0 PID: 8037 Comm: syz.3.265 No contaminado 6.11.0-rc7-syzkaller-g5f5673607153 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : 0x0 lr : cipso_v4_sock_setattr+0x2a8/0x3c0 net/ipv4/cipso_ipv4.c:1910 sp : ffff80009b887a90 x29: ffff80009b887aa0 x28: ffff80008db94050 x27: 0000000000000000 x26: 1fffe0001aa6f5b3 x25: dfff800000000000 x24: ffff0000db75da00 x23: 0000000 x22: ffff0000d8b78518 x21: 0000000000000000 x20: ffff0000d537ad80 x19: ffff0000d8b78000 x18: 1fffe000366d79ee x17: ffff8000800614a8 x16: ffff800080569b84 x15: 0000000000000001 x14: 000000008b336894 x13: 00000000cd96feaa x12: 0000000000000003 x11: 0000000000040000 x10: 00000000000020a3 x9: 1fffe0001b16f0f1 x8: 0000000000000000 x7: 0000000000000000 x6: 000000000000003f x5: 0000000000000040 x4 : 00000000000000001 x3 : 0000000000000000 x2 : 0000000000000002 x1 : 0000000000000000 x0 : ffff0000d8b78000 Rastreo de llamadas: 0x0 netlbl_sock_setattr+0x2e4/0x338 net/netlabel/netlabel_kapi.c:1000 smack_netlbl_add+0xa4/0x154 security/smack/smack_lsm.c:2593 smack_socket_post_create+0xa8/0x14c security/smack/smack_lsm.c:2973 security_socket_post_create+0x94/0xd4 seguridad/seguridad.c:4425 __sock_create+0x4c8/0x884 red/socket.c:1587 sock_create red/socket.c:1622 [en l\u00ednea] __sys_socket_create red/socket.c:1659 [en l\u00ednea] __sys_socket+0x134/0x340 red/socket.c:1706 __do_sys_socket red/socket.c:1720 [en l\u00ednea] __se_sys_socket red/socket.c:1718 [en l\u00ednea] __arm64_sys_socket+0x7c/0x94 red/socket.c:1718 __invoke_syscall arch/arm64/kernel/syscall.c:35 [en l\u00ednea] invocar_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 C\u00f3digo: ???????? ???????? ???????? ???????? (????????) ---[ fin del seguimiento 0000000000000000 ]--- Este parche agrega una implementaci\u00f3n de juguete que realiza un retorno simple para evitar tal p\u00e1nico. Esto se debe a que MSS se puede configurar en sock_create_kern o smc_setsockopt, de manera similar a como se hace en AF_SMC. Sin embargo, para AF_SMC, actualmente no hay forma de sincronizar MSS dentro de __sys_connect_file. Esta implementaci\u00f3n de juguete sienta las bases para que admitamos dicha funci\u00f3n para IPPROTO_SMC en el futuro.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.11\",\"versionEndExcluding\":\"6.11.4\",\"matchCriteriaId\":\"66F99BD9-E74F-4CC8-834E-B73BD4643C7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/44dc50df15f5bd4221d8f708885a9d49cda7f57e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6fd27ea183c208e478129a85e11d880fc70040f2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-50034\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-22T13:25:41.741757Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-22T13:25:44.922Z\"}}], \"cna\": {\"title\": \"net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"d25a92ccae6bed02327b63d138e12e7806830f78\", \"lessThan\": \"44dc50df15f5bd4221d8f708885a9d49cda7f57e\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d25a92ccae6bed02327b63d138e12e7806830f78\", \"lessThan\": \"6fd27ea183c208e478129a85e11d880fc70040f2\", \"versionType\": \"git\"}], \"programFiles\": [\"net/smc/smc_inet.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.11\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.11\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.11.4\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.11.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/smc/smc_inet.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/44dc50df15f5bd4221d8f708885a9d49cda7f57e\"}, {\"url\": \"https://git.kernel.org/stable/c/6fd27ea183c208e478129a85e11d880fc70040f2\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC\\n\\nEric report a panic on IPPROTO_SMC, and give the facts\\nthat when INET_PROTOSW_ICSK was set, icsk-\u003eicsk_sync_mss must be set too.\\n\\nBug: Unable to handle kernel NULL pointer dereference at virtual address\\n0000000000000000\\nMem abort info:\\nESR = 0x0000000086000005\\nEC = 0x21: IABT (current EL), IL = 32 bits\\nSET = 0, FnV = 0\\nEA = 0, S1PTW = 0\\nFSC = 0x05: level 1 translation fault\\nuser pgtable: 4k pages, 48-bit VAs, pgdp=00000001195d1000\\n[0000000000000000] pgd=0800000109c46003, p4d=0800000109c46003,\\npud=0000000000000000\\nInternal error: Oops: 0000000086000005 [#1] PREEMPT SMP\\nModules linked in:\\nCPU: 1 UID: 0 PID: 8037 Comm: syz.3.265 Not tainted\\n6.11.0-rc7-syzkaller-g5f5673607153 #0\\nHardware name: Google Google Compute Engine/Google Compute Engine,\\nBIOS Google 08/06/2024\\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\npc : 0x0\\nlr : cipso_v4_sock_setattr+0x2a8/0x3c0 net/ipv4/cipso_ipv4.c:1910\\nsp : ffff80009b887a90\\nx29: ffff80009b887aa0 x28: ffff80008db94050 x27: 0000000000000000\\nx26: 1fffe0001aa6f5b3 x25: dfff800000000000 x24: ffff0000db75da00\\nx23: 0000000000000000 x22: ffff0000d8b78518 x21: 0000000000000000\\nx20: ffff0000d537ad80 x19: ffff0000d8b78000 x18: 1fffe000366d79ee\\nx17: ffff8000800614a8 x16: ffff800080569b84 x15: 0000000000000001\\nx14: 000000008b336894 x13: 00000000cd96feaa x12: 0000000000000003\\nx11: 0000000000040000 x10: 00000000000020a3 x9 : 1fffe0001b16f0f1\\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f\\nx5 : 0000000000000040 x4 : 0000000000000001 x3 : 0000000000000000\\nx2 : 0000000000000002 x1 : 0000000000000000 x0 : ffff0000d8b78000\\nCall trace:\\n0x0\\nnetlbl_sock_setattr+0x2e4/0x338 net/netlabel/netlabel_kapi.c:1000\\nsmack_netlbl_add+0xa4/0x154 security/smack/smack_lsm.c:2593\\nsmack_socket_post_create+0xa8/0x14c security/smack/smack_lsm.c:2973\\nsecurity_socket_post_create+0x94/0xd4 security/security.c:4425\\n__sock_create+0x4c8/0x884 net/socket.c:1587\\nsock_create net/socket.c:1622 [inline]\\n__sys_socket_create net/socket.c:1659 [inline]\\n__sys_socket+0x134/0x340 net/socket.c:1706\\n__do_sys_socket net/socket.c:1720 [inline]\\n__se_sys_socket net/socket.c:1718 [inline]\\n__arm64_sys_socket+0x7c/0x94 net/socket.c:1718\\n__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\\nel0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712\\nel0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\\nCode: ???????? ???????? ???????? ???????? (????????)\\n---[ end trace 0000000000000000 ]---\\n\\nThis patch add a toy implementation that performs a simple return to\\nprevent such panic. This is because MSS can be set in sock_create_kern\\nor smc_setsockopt, similar to how it\u0027s done in AF_SMC. However, for\\nAF_SMC, there is currently no way to synchronize MSS within\\n__sys_connect_file. This toy implementation lays the groundwork for us\\nto support such feature for IPPROTO_SMC in the future.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.11.4\", \"versionStartIncluding\": \"6.11\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.12\", \"versionStartIncluding\": \"6.11\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T09:44:18.866Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-50034\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T09:44:18.866Z\", \"dateReserved\": \"2024-10-21T12:17:06.070Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-10-21T19:39:35.785Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.