U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-38596 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONCE. However, on the reader side, unix_stream_sendmsg() does not read it atomically. Consequently, this issue is causing the following KCSAN splat to occur: BUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg write (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28: unix_release_sock (net/unix/af_unix.c:640) unix_release (net/unix/af_unix.c:1050) sock_close (net/socket.c:659 net/socket.c:1421) __fput (fs/file_table.c:422) __fput_sync (fs/file_table.c:508) __se_sys_close (fs/open.c:1559 fs/open.c:1541) __x64_sys_close (fs/open.c:1541) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) read to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14: unix_stream_sendmsg (net/unix/af_unix.c:2273) __sock_sendmsg (net/socket.c:730 net/socket.c:745) ____sys_sendmsg (net/socket.c:2584) __sys_sendmmsg (net/socket.c:2638 net/socket.c:2724) __x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) value changed: 0x01 -> 0x03 The line numbers are related to commit dd5a440a31fa ("Linux 6.9-rc7"). Commit e1d09c2c2f57 ("af_unix: Fix data races around sk->sk_shutdown.") addressed a comparable issue in the past regarding sk->sk_shutdown. However, it overlooked resolving this particular data path. This patch only offending unix_stream_sendmsg() function, since the other reads seem to be protected by unix_state_lock() as discussed in


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb
https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb
https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055
https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055
https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25
https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25
https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c
https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c
https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5
https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5
https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9
https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9
https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b
https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b
https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe
https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe
https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a
https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a

Weakness Enumeration

CWE-ID CWE Name Source

Change History

4 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-38596
NVD Published Date:
06/19/2024
NVD Last Modified:
11/21/2024
Source:
kernel.org