0b c3 cc cc cc cc 48 c7 c7 50 8f b7 82 c6 05 7a 13 ea 01 01 e8 RSP: 0018:ffffc90006b43b60 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff888009bb3ef0 RCX: 0000000000000027 RDX: ffff88807be218c8 RSI: 0000000000000001 RDI: ffff88807be218c0 RBP: 0000000000069d70 R08: 0000000000000000 R09: ffffc90006b439f0 R10: ffffc90006b439e8 R11: 0000000000000003 R12: ffff8880029ede84 R13: 0000000000004e20 R14: ffffffff84356dc0 R15: ffff888009bb3ef0 FS: 00007f62c10926c0(0000) GS:ffff88807be00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020ccb000 CR3: 000000004628c005 CR4: 0000000000f70ef0 PKRU: 55555554 Call Trace: ? refcount_warn_saturate+0xe5/0x110 ? __warn+0x81/0x130 ? refcount_warn_saturate+0xe5/0x110 ? report_bug+0x171/0x1a0 ? refcount_warn_saturate+0xe5/0x110 ? handle_bug+0x3c/0x80 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? refcount_warn_saturate+0xe5/0x110 tcp_twsk_unique+0x186/0x190 __inet_check_established+0x176/0x2d0 __inet_hash_connect+0x74/0x7d0 ? __pfx___inet_check_established+0x10/0x10 tcp_v4_connect+0x278/0x530 __inet_stream_connect+0x10f/0x3d0 inet_stream_connect+0x3a/0x60 __sys_connect+0xa8/0xd0 __x64_sys_connect+0x18/0x20 do_syscall_64+0x83/0x170 entry_SYSCALL_64_after_hwframe+0x78/0x80 RIP: 0033:0x7f62c11a885d Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a3 45 0c 00 f7 d8 64 89 01 48 RSP: 002b:00007f62c1091e58 EFLAGS: 00000296 ORIG_RAX: 000000000000002a RAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007f62c11a885d RDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003 RBP: 00007f62c1091e90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000296 R12: 00007f62c10926c0 R13: ffffffffffffff88 R14: 0000000000000000 R15: 00007ffe237885b0 "> ,0b,c3,cc,cc,cc,cc,48,c7,c7,50,8f b7,82,c6,05,7a,13,ea,01,01,e8,RSP:,0018:ffffc90006b43b60,EFLAGS: 00010282,RAX:,0000000000000000,RBX:,ffff888009bb3ef0,RCX: 0000000000000027,RDX:,ffff88807be218c8,RSI:,0000000000000001,RDI: ffff88807be218c0,RBP:,0000000000069d70,R08:,0000000000000000,R09: ffffc90006b439f0,R10:,ffffc90006b439e8,R11:,0000000000000003,R12: ffff8880029ede84,R13:,0000000000004e20,R14:,ffffffff84356dc0,R15: ffff888009bb3ef0,FS:,00007f62c10926c0(0000),GS:ffff88807be00000(0000) knlGS:0000000000000000,CS:,0010,DS:,0000,ES:,0000,CR0: 0000000080050033,CR2:,0000000020ccb000,CR3:,000000004628c005,CR4: 0000000000f70ef0,PKRU:,55555554,Call,Trace:,,? refcount_warn_saturate+0xe5/0x110,?,__warn+0x81/0x130,? refcount_warn_saturate+0xe5/0x110,?,report_bug+0x171/0x1a0,? refcount_warn_saturate+0xe5/0x110,?,handle_bug+0x3c/0x80,? exc_invalid_op+0x17/0x70,?,asm_exc_invalid_op+0x1a/0x20,? refcount_warn_saturate+0xe5/0x110,tcp_twsk_unique+0x186/0x190 __inet_check_established+0x176/0x2d0,__inet_hash_connect+0x74/0x7d0,? __pfx___inet_check_established+0x10/0x10,tcp_v4_connect+0x278/0x530 __inet_stream_connect+0x10f/0x3d0,inet_stream_connect+0x3a/0x60 __sys_connect+0xa8/0xd0,__x64_sys_connect+0x18/0x20 do_syscall_64+0x83/0x170,entry_SYSCALL_64_after_hwframe+0x78/0x80,RIP: 0033:0x7f62c11a885d,Code:,ff,c3,66,2e,0f,1f,84,00,00,00,00,00,90,f3,0f 1e,fa,48,89,f8,48,89,f7,48,89,d6,48,89,ca,4d,89,c2,4d,89,c8,4c,8b,4c 24,08,0f,05,<48>,3d,01,f0,ff,ff,73,01,c3,48,8b,0d,a3,45,0c,00,f7,d8,64 89,01,48,RSP:,002b:00007f62c1091e58,EFLAGS:,00000296,ORIG_RAX: 000000000000002a,RAX:,ffffffffffffffda,RBX:,0000000020ccb004,RCX: 00007f62c11a885d,RDX:,0000000000000010,RSI:,0000000020ccb000,RDI: 0000000000000003,RBP:,00007f62c1091e90,R08:,0000000000000000,R09: 0000000000000000,R10:,0000000000000000,R11:,0000000000000296,R12: 00007f62c10926c0,R13:,ffffffffffffff88,R14:,0000000000000000,R15: 00007ffe237885b0, "> SecuritySpace - CVE-2024-36904
 
English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2024-36904
Description:In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait hashdance"), inet_twsk_hashdance() sets TIME- WAIT socket's sk_refcnt after putting it into ehash and releasing the bucket lock. Thus, there is a small race window where other threads could try to reuse the port during connect() and call sock_hold() in tcp_twsk_unique() for the TIME-WAIT socket with zero refcnt. If that happens, the refcnt taken by tcp_twsk_unique() is overwritten and sock_put() will cause underflow, triggering a real use-after-free somewhere else. To avoid the use-after-free, we need to use refcount_inc_not_zero() in tcp_twsk_unique() and give up on reusing the port if it returns false. [0]: refcount_t: addition on 0; use- after-free. WARNING: CPU: 0 PID: 1039313 at lib/refcount.c:25 refcount_warn_saturate+0xe5/0x110 CPU: 0 PID: 1039313 Comm: trigger Not tainted 6.8.6-200.fc39.x86_64 #1 Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.21805430.B64.2305221830 05/22/2023 RIP: 0010:refcount_warn_saturate+0xe5/0x110 Code: 42 8e ff 0f 0b c3 cc cc cc cc 80 3d aa 13 ea 01 00 0f 85 5e ff ff ff 48 c7 c7 f8 8e b7 82 c6 05 96 13 ea 01 01 e8 7b 42 8e ff <0f> 0b c3 cc cc cc cc 48 c7 c7 50 8f b7 82 c6 05 7a 13 ea 01 01 e8 RSP: 0018:ffffc90006b43b60 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff888009bb3ef0 RCX: 0000000000000027 RDX: ffff88807be218c8 RSI: 0000000000000001 RDI: ffff88807be218c0 RBP: 0000000000069d70 R08: 0000000000000000 R09: ffffc90006b439f0 R10: ffffc90006b439e8 R11: 0000000000000003 R12: ffff8880029ede84 R13: 0000000000004e20 R14: ffffffff84356dc0 R15: ffff888009bb3ef0 FS: 00007f62c10926c0(0000) GS:ffff88807be00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020ccb000 CR3: 000000004628c005 CR4: 0000000000f70ef0 PKRU: 55555554 Call Trace: ? refcount_warn_saturate+0xe5/0x110 ? __warn+0x81/0x130 ? refcount_warn_saturate+0xe5/0x110 ? report_bug+0x171/0x1a0 ? refcount_warn_saturate+0xe5/0x110 ? handle_bug+0x3c/0x80 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? refcount_warn_saturate+0xe5/0x110 tcp_twsk_unique+0x186/0x190 __inet_check_established+0x176/0x2d0 __inet_hash_connect+0x74/0x7d0 ? __pfx___inet_check_established+0x10/0x10 tcp_v4_connect+0x278/0x530 __inet_stream_connect+0x10f/0x3d0 inet_stream_connect+0x3a/0x60 __sys_connect+0xa8/0xd0 __x64_sys_connect+0x18/0x20 do_syscall_64+0x83/0x170 entry_SYSCALL_64_after_hwframe+0x78/0x80 RIP: 0033:0x7f62c11a885d Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a3 45 0c 00 f7 d8 64 89 01 48 RSP: 002b:00007f62c1091e58 EFLAGS: 00000296 ORIG_RAX: 000000000000002a RAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007f62c11a885d RDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003 RBP: 00007f62c1091e90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000296 R12: 00007f62c10926c0 R13: ffffffffffffff88 R14: 0000000000000000 R15: 00007ffe237885b0
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2024-36904
https://git.kernel.org/stable/c/13ed7cdf079686ccd3618335205700c03f6fb446
https://git.kernel.org/stable/c/13ed7cdf079686ccd3618335205700c03f6fb446
https://git.kernel.org/stable/c/1796ca9c6f5bd50554214053af5f47d112818ee3
https://git.kernel.org/stable/c/1796ca9c6f5bd50554214053af5f47d112818ee3
https://git.kernel.org/stable/c/1d9cf07810c30ef7948879567d10fd1f01121d34
https://git.kernel.org/stable/c/1d9cf07810c30ef7948879567d10fd1f01121d34
https://git.kernel.org/stable/c/27b0284d8be182a81feb65581ab6a724dfd596e8
https://git.kernel.org/stable/c/27b0284d8be182a81feb65581ab6a724dfd596e8
https://git.kernel.org/stable/c/517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc
https://git.kernel.org/stable/c/517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc
https://git.kernel.org/stable/c/6e48faad92be13166184d21506e4e54c79c13adc
https://git.kernel.org/stable/c/6e48faad92be13166184d21506e4e54c79c13adc
https://git.kernel.org/stable/c/84546cc1aeeb4df3e444b18a4293c9823f974be9
https://git.kernel.org/stable/c/84546cc1aeeb4df3e444b18a4293c9823f974be9
https://git.kernel.org/stable/c/f2db7230f73a80dbb179deab78f88a7947f0ab7e
https://git.kernel.org/stable/c/f2db7230f73a80dbb179deab78f88a7947f0ab7e



© 1998-2025 E-Soft Inc. All rights reserved.