Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveLinuxCVE-2024-42246
HistoryAug 07, 2024 - 4:15 p.m.

CVE-2024-42246

2024-08-0716:15:47
CWE-835
Linux
web.nvd.nist.gov
57
linux kernel
vulnerability
syslog
kernel freeze
network system
eperm
econnrefused
enetdown
udp

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

Low

EPSS

0

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket

When using a BPF program on kernel_connect(), the call can return -EPERM. This
causes xs_tcp_setup_socket() to loop forever, filling up the syslog and causing
the kernel to potentially freeze up.

Neil suggested:

This will propagate -EPERM up into other layers which might not be ready
to handle it. It might be safer to map EPERM to an error we would be more
likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.

ECONNREFUSED as error seems reasonable. For programs setting a different error
can be out of reach (see handling in 4fbac77d2d09) in particular on kernels
which do not have f10d05966196 (“bpf: Make BPF_PROG_RUN_ARRAY return -err
instead of allow boolean”), thus given that it is better to simply remap for
consistent behavior. UDP does handle EPERM in xs_udp_send_request().

Affected configurations

Nvd
Vulners
Node
linuxlinux_kernelRange4.176.1.100
OR
linuxlinux_kernelRange6.26.6.41
OR
linuxlinux_kernelRange6.76.9.10
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/sunrpc/xprtsock.c"
    ],
    "versions": [
      {
        "version": "4fbac77d2d09",
        "lessThan": "bc7902612189",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4fbac77d2d09",
        "lessThan": "934247ea65bc",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4fbac77d2d09",
        "lessThan": "02ee1976edb2",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4fbac77d2d09",
        "lessThan": "5d8254e01299",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4fbac77d2d09",
        "lessThan": "f2431e7db0fe",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4fbac77d2d09",
        "lessThan": "d6c686c01c5f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4fbac77d2d09",
        "lessThan": "f388cfd913a2",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4fbac77d2d09",
        "lessThan": "626dfed5fa3b",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/sunrpc/xprtsock.c"
    ],
    "versions": [
      {
        "version": "4.17",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.17",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.322",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.284",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.226",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.167",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.100",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.41",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.10",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

ubuntucve 1
debiancve 1
cvelist 1
redhatcve 1
vulnrichment 1
cbl_mariner 1
nvd 1
osv 8
nessus 11
photon 2
redhat 2
openvas 1
ubuntucve
ubuntucve
CVE-2024-42246
2024-08-07 00:00:00
debiancve
debiancve
CVE-2024-42246
2024-08-07 16:15:47
cvelist
cvelist
CVE-2024-42246 net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket
2024-08-07 15:14:31
redhatcve
redhatcve
CVE-2024-42246
2024-08-08 17:47:49
vulnrichment
vulnrichment
CVE-2024-42246 net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket
2024-08-07 15:14:31
cbl_mariner
cbl_mariner
CVE-2024-42246 affecting package kernel for versions less than 6.6.43.1-7
2024-08-14 20:43:58
nvd
nvd
CVE-2024-42246
2024-08-07 16:15:47
osv
osv
CVE-2024-42246
2024-08-07 16:15:47
Security update for the Linux Kernel
2024-09-16 08:57:49
Security update for the Linux Kernel
2024-09-10 08:45:03
nessus
nessus
Photon OS 4.0: Linux PHSA-2024-4.0-0692
2024-09-14 00:00:00
RHEL 9 : kernel-rt (RHSA-2024:6745)
2024-09-18 00:00:00
RHEL 9 : kernel (RHSA-2024:6744)
2024-09-18 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2024-4.0-0692
2024-09-13 00:00:00
Critical Photon OS Security Update - PHSA-2024-5.0-0345
2024-08-09 00:00:00
redhat
redhat
(RHSA-2024:6745) Moderate: kernel-rt security update
2024-09-18 00:00:55
(RHSA-2024:6744) Moderate: kernel security update
2024-09-18 00:00:27
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:3252-1)
2024-09-17 00:00:00

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

Low

EPSS

0

Percentile

5.0%

JSON
Related for CVE-2024-42246
ubuntucve1debiancve1cvelist1redhatcve1vulnrichment1cbl_mariner1nvd1osv8nessus11photon2redhat2openvas1