CVE-2024-49944 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start In sctp_listen_start() invoked by sctp_inet_listen(), it should set the sk_state back to CLOSED if sctp_autobind() fails due to whatever reason. Otherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)->reuse is already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)->bind_hash will be dereferenced as sk_state is LISTENING, which causes a crash as bind_hash is NULL. KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617 Call Trace: <TASK> __sys_listen_socket net/socket.c:1883 [inline] __sys_listen+0x1b7/0x230 net/socket.c:1894 __do_sys_listen net/socket.c:1902 [inline]

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0e4e2e60556c6ed00e8450b720f106a268d23062
https://git.kernel.org/stable/c/7f64cb5b4d8c872296eda0fdce3bcf099eec7aa7
https://git.kernel.org/stable/c/89bbead9d897c77d0b566349c8643030ff2abeba
https://git.kernel.org/stable/c/8beee4d8dee76b67c75dc91fd8185d91e845c160
https://git.kernel.org/stable/c/9230a59eda0878d7ecaa901d876aec76f57bd455
https://git.kernel.org/stable/c/dd70c8a89ef99c3d53127fe19e51ef47c3f860fa
https://git.kernel.org/stable/c/e7a8442195e8ebd97df467ce4742980ab57edcce
https://git.kernel.org/stable/c/e914bf68dab88815a7ae7b7a3a5e8913c8ff14a5
https://git.kernel.org/stable/c/f032e1dac30b3376c7d6026fb01a8c403c47a80d
https://lore.kernel.org/linux-cve-announce/2024102128-CVE-2024-49944-240a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-49944
https://www.cve.org/CVERecord?id=CVE-2024-49944

History

Wed, 13 Nov 2024 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
Vendors & Products		Linux Linux linux Kernel

Fri, 08 Nov 2024 16:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/0e4e2e60556c6ed00e8450b720f106a268d23062 https://git.kernel.org/stable/c/89bbead9d897c77d0b566349c8643030ff2abeba

Wed, 23 Oct 2024 01:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024102128-CVE-2024-49944-240a@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-49944 https://www.cve.org/CVERecord?id=CVE-2024-49944
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Tue, 22 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 21 Oct 2024 18:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start In sctp_listen_start() invoked by sctp_inet_listen(), it should set the sk_state back to CLOSED if sctp_autobind() fails due to whatever reason. Otherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)->reuse is already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)->bind_hash will be dereferenced as sk_state is LISTENING, which causes a crash as bind_hash is NULL. KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617 Call Trace: <TASK> __sys_listen_socket net/socket.c:1883 [inline] __sys_listen+0x1b7/0x230 net/socket.c:1894 __do_sys_listen net/socket.c:1902 [inline]
Title		sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
References		https://git.kernel.org/stable/c/7f64cb5b4d8c872296eda0fdce3bcf099eec7aa7 https://git.kernel.org/stable/c/8beee4d8dee76b67c75dc91fd8185d91e845c160 https://git.kernel.org/stable/c/9230a59eda0878d7ecaa901d876aec76f57bd455 https://git.kernel.org/stable/c/dd70c8a89ef99c3d53127fe19e51ef47c3f860fa https://git.kernel.org/stable/c/e7a8442195e8ebd97df467ce4742980ab57edcce https://git.kernel.org/stable/c/e914bf68dab88815a7ae7b7a3a5e8913c8ff14a5 https://git.kernel.org/stable/c/f032e1dac30b3376c7d6026fb01a8c403c47a80d

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-10-21T18:02:02.457Z

Updated: 2025-05-04T09:42:00.799Z

Reserved: 2024-10-21T12:17:06.044Z

Link: CVE-2024-49944

Vulnrichment

Updated: 2024-10-22T13:37:23.376Z

NVD

Status : Analyzed

Published: 2024-10-21T18:15:15.993

Modified: 2024-11-13T13:30:25.217

Link: CVE-2024-49944

Redhat

Severity : Moderate

Publid Date: 2024-10-21T00:00:00Z

Links: CVE-2024-49944 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object