Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentLinuxVULNRICHMENT:CVE-2024-42246
HistoryAug 07, 2024 - 3:14 p.m.

CVE-2024-42246 net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket

2024-08-0715:14:31
Linux
github.com
1
linux
kernel
vulnerability
net
sunrpc
eperm
connection failure
xs_tcp_setup_socket

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON

In the Linux kernel, the following vulnerability has been resolved:

net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket

When using a BPF program on kernel_connect(), the call can return -EPERM. This
causes xs_tcp_setup_socket() to loop forever, filling up the syslog and causing
the kernel to potentially freeze up.

Neil suggested:

This will propagate -EPERM up into other layers which might not be ready
to handle it. It might be safer to map EPERM to an error we would be more
likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.

ECONNREFUSED as error seems reasonable. For programs setting a different error
can be out of reach (see handling in 4fbac77d2d09) in particular on kernels
which do not have f10d05966196 (“bpf: Make BPF_PROG_RUN_ARRAY return -err
instead of allow boolean”), thus given that it is better to simply remap for
consistent behavior. UDP does handle EPERM in xs_udp_send_request().

Related

ubuntucve 1
debiancve 1
cvelist 1
redhatcve 1
cbl_mariner 1
nvd 1
cve 1
osv 8
nessus 11
photon 2
redhat 2
openvas 1
ubuntucve
ubuntucve
CVE-2024-42246
2024-08-07 00:00:00
debiancve
debiancve
CVE-2024-42246
2024-08-07 16:15:47
cvelist
cvelist
CVE-2024-42246 net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket
2024-08-07 15:14:31
redhatcve
redhatcve
CVE-2024-42246
2024-08-08 17:47:49
cbl_mariner
cbl_mariner
CVE-2024-42246 affecting package kernel for versions less than 6.6.43.1-7
2024-08-14 20:43:58
nvd
nvd
CVE-2024-42246
2024-08-07 16:15:47
cve
cve
CVE-2024-42246
2024-08-07 16:15:47
osv
osv
CVE-2024-42246
2024-08-07 16:15:47
Security update for the Linux Kernel
2024-09-16 08:57:49
Security update for the Linux Kernel
2024-09-16 08:58:05
nessus
nessus
Photon OS 4.0: Linux PHSA-2024-4.0-0692
2024-09-14 00:00:00
RHEL 9 : kernel (RHSA-2024:6744)
2024-09-18 00:00:00
RHEL 9 : kernel-rt (RHSA-2024:6745)
2024-09-18 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2024-4.0-0692
2024-09-13 00:00:00
Critical Photon OS Security Update - PHSA-2024-5.0-0345
2024-08-09 00:00:00
redhat
redhat
(RHSA-2024:6745) Moderate: kernel-rt security update
2024-09-18 00:00:55
(RHSA-2024:6744) Moderate: kernel security update
2024-09-18 00:00:27
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:3252-1)
2024-09-17 00:00:00

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2024-42246
ubuntucve1debiancve1cvelist1redhatcve1cbl_mariner1nvd1cve1osv8nessus11photon2redhat2openvas1