Wind River Support Network

HomeDefectsLIN1022-9498
Fixed

LIN1022-9498 : Security Advisory - linux - CVE-2024-36489

Created: Jun 21, 2024    Updated: Jun 26, 2024
Resolved Date: Jun 24, 2024
Found In Version: 10.22.33.1
Fix Version: 10.22.33.17
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

tls: fix missing memory barrier in tls_init

In tls_init(), a write memory barrier is missing, and store-store
reordering may cause NULL dereference in tls_{setsockopt,getsockopt}.

CPU0                               CPU1
-----                              -----
// In tls_init()
// In tls_ctx_create()
ctx = kzalloc()
ctx->sk_proto = READ_ONCE(sk->sk_prot) -(1)

// In update_sk_prot()
WRITE_ONCE(sk->sk_prot, tls_prots)     -(2)

                                   // In sock_common_setsockopt()
                                   READ_ONCE(sk->sk_prot)->setsockopt()

                                   // In tls_{setsockopt,getsockopt}()
                                   ctx->sk_proto->setsockopt()    -(3)

In the above scenario, when (1) and (2) are reordered, (3) can observe
the NULL value of ctx->sk_proto, causing NULL dereference.

To fix it, we rely on rcu_assign_pointer() which implies the release
barrier semantic. By moving rcu_assign_pointer() after ctx->sk_proto is
initialized, we can ensure that ctx->sk_proto are visible when
changing sk->sk_prot.

CREATE(Triage):(User=admin) CVE-2024-36489 (https://nvd.nist.gov/vuln/detail/CVE-2024-36489)

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube