CVE-2024-36484— net: relax socket state check at accept time.
Affected Version Matrix 19
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 34e41a031fd7523bf1cd00a2adca2370aebea270< 7de00adc9bd035d861ba4177848ca0bfa5ed1e04 | affected |
ed5e279b69e007ce6c0fe82a5a534c1b19783214< 59801e88c99f7c3f44a4d20af6ba6417aa359b5d | affected | ||
413c33b9f3bc36fdf719690a78824db9f88a9485< 6e03006548c66b979f4e5e9fc797aac4dad82822 | affected | ||
2552c9d9440f8e7a2ed0660911ff00f25b90a0a4< 21c14c556cccd0cb54b71ec5e901e64ba84c7165 | affected | ||
3fe4ef0568a48369b1891395d13ac593b1ba41b1< c09ddc605893df542c6cf8dde6a57a93f7cf0adb | affected | ||
f47d0d32fa94e815fdd78b8b88684873e67939f4< 87bdc9f6f58b4417362d6932b49b828e319f97dc | affected | ||
94062790aedb505bdda209b10bea47b294d6394f< 5f9a04a94fd1894d7009055ab8e5832a0242dba3 | affected | ||
94062790aedb505bdda209b10bea47b294d6394f< 26afda78cda3da974fd4c287962c169e9462c495 | affected | ||
| … +11 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-36484
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
net: relax socket state check at accept time.
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 __inet_accept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not tainted 6.9.0-rc7-g7da7119fe22b #56 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 RIP: 0010:__inet_accept+0x1f4/0x4a0 net/ipv4/af_inet.c:759 Code: 04 38 84 c0 0f 85 87 00 00 00 41 c7 04 24 03 00 00 00 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ec b7 da fd <0f> 0b e9 7f fe ff ff e8 e0 b7 da fd 0f 0b e9 fe fe ff ff 89 d9 80 RSP: 0018:ffffc90000c2fc58 EFLAGS: 00010293 RAX: ffffffff836bdd14 RBX: 0000000000000000 RCX: ffff888104668000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: dffffc0000000000 R08: ffffffff836bdb89 R09: fffff52000185f64 R10: dffffc0000000000 R11: fffff52000185f64 R12: dffffc0000000000 R13: 1ffff92000185f98 R14: ffff88810754d880 R15: ffff8881007b7800 FS: 000000001c772880(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb9fcf2e178 CR3: 00000001045d2002 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> inet_accept+0x138/0x1d0 net/ipv4/af_inet.c:786 do_accept+0x435/0x620 net/socket.c:1929 __sys_accept4_file net/socket.c:1969 [inline] __sys_accept4+0x9b/0x110 net/socket.c:1999 __do_sys_accept net/socket.c:2016 [inline] __se_sys_accept net/socket.c:2013 [inline] __x64_sys_accept+0x7d/0x90 net/socket.c:2013 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x58/0x100 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x4315f9 Code: fd ff 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab b4 fd ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffdb26d9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002b RAX: ffffffffffffffda RBX: 0000000000400300 RCX: 00000000004315f9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 00000000006e1018 R08: 0000000000400300 R09: 0000000000400300 R10: 0000000000400300 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000040cdf0 R14: 000000000040ce80 R15: 0000000000000055 </TASK> The reproducer invokes shutdown() before entering the listener status. After commit 94062790aedb ("tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets"), the above causes the child to reach the accept syscall in FIN_WAIT1 status. Eric noted we can relax the existing assertion in __inet_accept()
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在安全漏洞,该漏洞源于net模块存在问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-36484
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-36484
请登录查看更多情报信息。
Same Patch Batch · Linux · 2024-06-21 · 40 CVEs total
| CVE-2024-38636 | f2fs: multidev: fix to recognize valid zero block address | |
| CVE-2024-38627 | stm class: Fix a double free in stm_register_device() | |
| CVE-2024-38628 | usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind. | |
| CVE-2024-38629 | dmaengine: idxd: Avoid unnecessary destruction of file_ida | |
| CVE-2024-38630 | watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger | |
| CVE-2024-38631 | iio: adc: PAC1934: fix accessing out of bounds array index | |
| CVE-2024-38632 | vfio/pci: fix potential memory leak in vfio_intx_enable() | |
| CVE-2024-38633 | serial: max3100: Update uart_driver_registered on driver removal | |
| CVE-2024-38634 | serial: max3100: Lock port->lock when calling uart_handle_cts_change() | |
| CVE-2024-38635 | soundwire: cadence: fix invalid PDI offset | |
| CVE-2024-38625 | fs/ntfs3: Check 'folio' pointer for NULL | |
| CVE-2024-38637 | greybus: lights: check return of get_channel_from_mode | |
| CVE-2024-38659 | enic: Validate length of nl attributes in enic_set_vf_port | |
| CVE-2024-38662 | bpf: Allow delete from sockmap/sockhash only if update is allowed | |
| CVE-2024-38780 | dma-buf/sw-sync: don't enable IRQ from sync_print_obj() | |
| CVE-2024-39277 | dma-mapping: benchmark: handle NUMA_NO_NODE correctly | |
| CVE-2024-34777 | dma-mapping: benchmark: fix node id validation | |
| CVE-2024-36288 | SUNRPC: Fix loop termination condition in gss_free_in_token_pages() | |
| CVE-2024-36477 | tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer | |
| CVE-2024-36481 | tracing/probes: fix error check in parse_btf_field() |
Showing top 20 of 40 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43502
net/rds: handle zerocopy send cleanup before the message is - CVE-2026-43501
ipv6: rpl: reserve mac_len headroom when recompressed SRH gr - CVE-2026-43498
accel/ivpu: Disallow re-exporting imported GEM objects - CVE-2026-43499
rtmutex: Use waiter::task instead of current in remove_waite - CVE-2026-43497
fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-aft
Same vendor: Linux
- CVE-2026-43502
net/rds: handle zerocopy send cleanup before the message is - CVE-2026-43501
ipv6: rpl: reserve mac_len headroom when recompressed SRH gr - CVE-2026-43498
accel/ivpu: Disallow re-exporting imported GEM objects - CVE-2026-43499
rtmutex: Use waiter::task instead of current in remove_waite - CVE-2026-43497
fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-aft
V. Comments for CVE-2024-36484
No comments yet