CVE-2024-26614: Linux Kernel TCP Vulnerability - Accept Queue Spinlocks Initialization Issue

In the Linux kernel, a vulnerability was discovered that could potentially lead to a compromised system. The vulnerability (CVE-2024-26614) is related to the initialization of spinlocks in the TCP accept queue, leading to a corrupted value and a subsequent system warning. The issue occurs when running the reproduction C program provided by syz.

The vulnerability has been resolved with the following fix

tcp: make sure init the accept_queue's spinlocks once

The issue arises when executing the reproduction program, which generates the following warning

pvqspinlock: lock xffff9d181cd5c660 has corrupted value x!
WARNING: CPU: 19 PID: 21160 at __pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508)

A detailed analysis of the issue triggering the process reveals that it occurs in the following sequence of events:

Thread A                                       Thread B
tcp_v4_rcv	//receive ack TCP packet       inet_shutdown
  tcp_check_req                                  tcp_disconnect //disconnect sock
  ...                                              tcp_set_state(sk, TCP_CLOSE)
    inet_csk_complete_hashdance                ...
      inet_csk_reqsk_queue_add         

Upon receiving an ACK TCP packet by Thread A and disconnecting the socket by Thread B, the issue arises due to improper spinlock initialization in the accept queue. The fix ensures that the spinlocks are initialized once, resolving the vulnerability.

Original references for this vulnerability can be found in the following resources

1. Linux Kernel Mailing List (LKML) Discussion
2. syz's Reproduction C Program
3. Linux Git Repository

Exploit details

Given the nature of the vulnerability, an attacker could potentially exploit it by causing a deadlock or denial of service on affected systems. However, no public exploits are currently available for CVE-2024-26614.

In conclusion, this vulnerability (CVE-2024-26614) could lead to performance issues or denial-of-service attacks on Linux-based systems. The Linux kernel developers have addressed the vulnerability by initializing the TCP accept queue spinlocks once, effectively resolving the issue. It is strongly recommended to update your Linux kernel to the latest version to mitigate this vulnerability.

Timeline

Published on: 03/11/2024 18:15:19 UTC
Last modified on: 03/12/2024 12:40:13 UTC