{"uuid": "06fa41fb-fb5f-4359-a701-33fb99f5accd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-53139", "type": "seen", "source": "https://t.me/cvedetector/11993", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53139 - In the Linux kernel, the following vulnerability h\", \n  \"Content\": \"CVE ID : CVE-2024-53139 \nPublished : Dec. 4, 2024, 3:15 p.m. | 18\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nsctp: fix possible UAF in sctp_v6_available()  \n  \nA lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints  \nthat sctp_v6_available() is calling dev_get_by_index_rcu()  \nand ipv6_chk_addr() without holding rcu.  \n  \n[1]  \n =============================  \n WARNING: suspicious RCU usage  \n 6.12.0-rc5-virtme #1216 Tainted: G        W  \n -----------------------------  \n net/core/dev.c:876 RCU-list traversed in non-reader section!!  \n  \nother info that might help us debug this:  \n  \nrcu_scheduler_active = 2, debug_locks = 1  \n 1 lock held by sctp_hello/31495:  \n #0: ffff9f1ebbdb7418 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_bind (./arch/x86/include/asm/jump_label.h:27 net/sctp/socket.c:315) sctp  \n  \nstack backtrace:  \n CPU: 7 UID: 0 PID: 31495 Comm: sctp_hello Tainted: G        W          6.12.0-rc5-virtme #1216  \n Tainted: [W]=WARN  \n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014  \n Call Trace:  \n    \n dump_stack_lvl (lib/dump_stack.c:123)  \n lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822)  \n dev_get_by_index_rcu (net/core/dev.c:876 (discriminator 7))  \n sctp_v6_available (net/sctp/ipv6.c:701) sctp  \n sctp_do_bind (net/sctp/socket.c:400 (discriminator 1)) sctp  \n sctp_bind (net/sctp/socket.c:320) sctp  \n inet6_bind_sk (net/ipv6/af_inet6.c:465)  \n ? 
security_socket_bind (security/security.c:4581 (discriminator 1))  \n __sys_bind (net/socket.c:1848 net/socket.c:1869)  \n ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340)  \n ? do_user_addr_fault (./arch/x86/include/asm/preempt.h:84 (discriminator 13) ./include/linux/rcupdate.h:98 (discriminator 13) ./include/linux/rcupdate.h:882 (discriminator 13) ./include/linux/mm.h:729 (discriminator 13) arch/x86/mm/fault.c:1340 (discriminator 13))  \n __x64_sys_bind (net/socket.c:1877 (discriminator 1) net/socket.c:1875 (discriminator 1) net/socket.c:1875 (discriminator 1))  \n do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))  \n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)  \n RIP: 0033:0x7f59b934a1e7  \n Code: 44 00 00 48 8b 15 39 8c 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 09 8c 0c 00 f7 d8 64 89 01 48  \nAll code  \n========  \n   0: 44 00 00              add    %r8b,(%rax)  \n   3: 48 8b 15 39 8c 0c 00  mov    0xc8c39(%rip),%rdx        # 0xc8c43  \n   a: f7 d8                 neg    %eax  \n   c: 64 89 02              mov    %eax,%fs:(%rdx)  \n   f: b8 ff ff ff ff        mov    $0xffffffff,%eax  \n  14: eb bd                 jmp    0xffffffffffffffd3  \n  16: 66 2e 0f 1f 84 00 00  cs nopw 0x0(%rax,%rax,1)  \n  1d: 00 00 00  \n  20: 0f 1f 00              nopl   (%rax)  \n  23: b8 31 00 00 00        mov    $0x31,%eax  \n  28: 0f 05                 syscall  \n  2a:* 48 3d 01 f0 ff ff     cmp    $0xfffffffffffff001,%rax <--\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T16:45:26.000000Z"}