{"uuid": "1ba249b6-4174-4fdf-82d2-3bf3e7b522e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57903", "type": "seen", "source": "https://t.me/cvedetector/15450", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57903 - Linux kernel SO_REUSEPORT Inet Socket Restriction Comic Book Bug\", \n  \"Content\": \"CVE ID : CVE-2024-57903 \nPublished : Jan. 15, 2025, 1:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: restrict SO_REUSEPORT to inet sockets  \n  \nAfter blamed commit, crypto sockets could accidentally be destroyed  \nfrom RCU call back, as spotted by zyzbot [1].  \n  \nTrying to acquire a mutex in RCU callback is not allowed.  \n  \nRestrict SO_REUSEPORT socket option to inet sockets.  \n  \nv1 of this patch supported TCP, UDP and SCTP sockets,  \nbut fcnal-test.sh test needed RAW and ICMP support.  \n  \n[1]  \nBUG: sleeping function called from invalid context at kernel/locking/mutex.c:562  \nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 24, name: ksoftirqd/1  \npreempt_count: 100, expected: 0  \nRCU nest depth: 0, expected: 0  \n1 lock held by ksoftirqd/1/24:  \n  #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]  \n  #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2561 [inline]  \n  #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xa37/0x17a0 kernel/rcu/tree.c:2823  \nPreemption disabled at:  \n [] softirq_handle_begin kernel/softirq.c:402 [inline]  \n [] handle_softirqs+0x128/0x9b0 kernel/softirq.c:537  \nCPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.13.0-rc3-syzkaller-00174-ga024e377efed #0  \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024  \nCall Trace:  \n   \n  __dump_stack lib/dump_stack.c:94 [inline]  \n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120  \n  __might_resched+0x5d4/0x780 kernel/sched/core.c:8758  \n  __mutex_lock_common kernel/locking/mutex.c:562 [inline]  \n  __mutex_lock+0x131/0xee0 kernel/locking/mutex.c:735  \n  crypto_put_default_null_skcipher+0x18/0x70 crypto/crypto_null.c:179  \n  aead_release+0x3d/0x50 crypto/algif_aead.c:489  \n  alg_do_release crypto/af_alg.c:118 [inline]  \n  alg_sock_destruct+0x86/0xc0 crypto/af_alg.c:502  \n  __sk_destruct+0x58/0x5f0 net/core/sock.c:2260  \n  rcu_do_batch kernel/rcu/tree.c:2567 [inline]  \n  rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823  \n  handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561  \n  run_ksoftirqd+0xca/0x130 kernel/softirq.c:950  \n  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164  \n  kthread+0x2f0/0x390 kernel/kthread.c:389  \n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147  \n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T15:06:54.000000Z"}