CVE-2024-36489
Published: Jun 21, 2024
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

tls: fix missing memory barrier in tls_init

In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,getsockopt}.

```
CPU0                                    CPU1
-----                                   -----
// In tls_init()
// In tls_ctx_create()
ctx = kzalloc()
ctx->sk_proto = READ_ONCE(sk->sk_prot) -(1)

// In update_sk_prot()
WRITE_ONCE(sk->sk_prot, tls_prots)     -(2)

                                        // In sock_common_setsockopt()
                                        READ_ONCE(sk->sk_prot)->setsockopt()

                                        // In tls_{setsockopt,getsockopt}()
                                        ctx->sk_proto->setsockopt()    -(3)
```

In the above scenario, when (1) and (2) are reordered, (3) can observe the NULL value of ctx->sk_proto, causing NULL dereference.

To fix it, we rely on rcu_assign_pointer() which implies the release barrier semantic. By moving rcu_assign_pointer() after ctx->sk_proto is initialized, we can ensure that ctx->sk_proto is visible when changing sk->sk_prot.
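The initialize-then-publish ordering described above, as an added userspace example (not code from the kernel patch or from this advisory). C11 release/acquire atomics stand in for the kernel primitives; `ulp_data`, `base_prot`, `tls_init_model`, `sock_setsockopt_model` and the `-1` return for the unset-pointer state are assumptions made for the model.

```c
#include <stdatomic.h>
#include <stdlib.h>

/* Userspace model constructed for illustration; not kernel code. */
struct sock;
struct proto { int (*setsockopt)(struct sock *sk, int val); };
struct tls_ctx { const struct proto *sk_proto; };  /* saved original proto */
struct sock {
    _Atomic(const struct proto *) sk_prot;  /* readers dispatch through this */
    _Atomic(struct tls_ctx *) ulp_data;     /* hypothetical slot holding ctx */
};
static int base_setsockopt(struct sock *sk, int val) { (void)sk; return val + 1; }

/* Step (3): the TLS handler forwards to the saved original proto. */
static int tls_setsockopt(struct sock *sk, int val)
{
    struct tls_ctx *ctx = atomic_load_explicit(&sk->ulp_data, memory_order_acquire);
    if (!ctx || !ctx->sk_proto)
        return -1;  /* model only: in the kernel this state is the NULL dereference */
    return ctx->sk_proto->setsockopt(sk, val);
}

static const struct proto base_prot = { base_setsockopt };
static const struct proto tls_prots = { tls_setsockopt };

/* Fixed ordering: fill ctx, publish it with release, then swap sk_prot. */
static int tls_init_model(struct sock *sk)
{
    struct tls_ctx *ctx = calloc(1, sizeof(*ctx));
    if (!ctx)
        return -1;
    ctx->sk_proto = atomic_load_explicit(&sk->sk_prot, memory_order_relaxed); /* (1) */
    atomic_store_explicit(&sk->ulp_data, ctx, memory_order_release);
    atomic_store_explicit(&sk->sk_prot, &tls_prots, memory_order_release);    /* (2) */
    return 0;
}

/* Reader side, as in sock_common_setsockopt(): load sk_prot, then dispatch. */
static int sock_setsockopt_model(struct sock *sk, int val)
{
    const struct proto *p = atomic_load_explicit(&sk->sk_prot, memory_order_acquire);
    return p->setsockopt(sk, val);
}

int main(void)
{
    struct sock sk = { &base_prot, NULL };
    return (tls_init_model(&sk) == 0 && sock_setsockopt_model(&sk, 41) == 42) ? 0 : 1;
}
```

Because every store a reader depends on precedes a release store that the reader pairs with an acquire load, a reader that sees `tls_prots` also sees a populated `ctx->sk_proto`.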
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected d5bee7374b68de3c44586d46e9e61ffc97a1e886 - < d72e126e9a36d3d33889829df8fc90100bb0e071; affected d5bee7374b68de3c44586d46e9e61ffc97a1e886 - < 2c260a24cf1c4d30ea3646124f766ee46169280b; affected d5bee7374b68de3c44586d46e9e61ffc97a1e886 - < 335c8f1566d8e44c384d16b450a18554896d4e8b; affected d5bee7374b68de3c44586d46e9e61ffc97a1e886 - < ab67c2fd3d070a21914d0c31319d3858ab4e199c; affected d5bee7374b68de3c44586d46e9e61ffc97a1e886 - < ef21007a7b581c7fe64d5a10c320880a033c837b; +1 more versions |
| Linux | Linux | affected 5.7; unaffected 0 - < 5.7; unaffected 5.10.219 - <= 5.10.*; unaffected 5.15.161 - <= 5.15.*; unaffected 6.1.93 - <= 6.1.*; +3 more versions |