Lucene search

LinuxCVE-2024-41007

HistoryJul 15, 2024 - 9:15 a.m.

CVE-2024-41007

2024-07-1509:15:02

Linux

web.nvd.nist.gov

linux kernel

tcp socket

vulnerability

user timeout

retransmit packets

window retraction

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

6.6

Confidence

High

EPSS

Percentile

13.4%

JSON

In the Linux kernel, the following vulnerability has been resolved:

tcp: avoid too many retransmit packets

If a TCP socket is using TCP_USER_TIMEOUT, and the other peer
retracted its window to zero, tcp_retransmit_timer() can
retransmit a packet every two jiffies (2 ms for HZ=1000),
for about 4 minutes after TCP_USER_TIMEOUT has ‘expired’.

The fix is to make sure tcp_rtx_probe0_timed_out() takes
icsk->icsk_user_timeout into account.

Before blamed commit, the socket would not timeout after
icsk->icsk_user_timeout, but would use standard exponential
backoff for the retransmits.

Also worth noting that before commit e89688e3e978 (“net: tcp:
fix unexcepted socket die when snd_wnd is 0”), the issue
would last 2 minutes instead of 4.

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelRange4.19–5.4.280

linuxlinux_kernelRange5.5–5.10.222

linuxlinux_kernelRange5.11–5.15.163

linuxlinux_kernelRange5.16–6.1.100

linuxlinux_kernelRange6.2–6.6.41

linuxlinux_kernelRange6.7–6.9.10

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/ipv4/tcp_timer.c"
    ],
    "versions": [
      {
        "version": "b701a99e431d",
        "lessThan": "7bb7670f92bf",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b701a99e431d",
        "lessThan": "d2346fca5bed",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b701a99e431d",
        "lessThan": "5d7e64d70a11",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b701a99e431d",
        "lessThan": "04317a2471c2",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b701a99e431d",
        "lessThan": "e113cddefa27",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b701a99e431d",
        "lessThan": "dfcdd7f89e40",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b701a99e431d",
        "lessThan": "66cb64a1d223",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b701a99e431d",
        "lessThan": "97a9063518f1",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/ipv4/tcp_timer.c"
    ],
    "versions": [
      {
        "version": "4.19",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.19",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.318",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.280",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.222",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.163",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.100",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.41",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.10",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]