一、 漏洞 CVE-2024-49944 基础信息
漏洞标题
SCTP协议栈中因状态机处理不当存在状态错误漏洞
来源:AIGC 神龙大模型
漏洞描述信息
在Linux内核中,已修复以下漏洞: sctp: 若sctp_listen_start中的autobind失败,则应将sk_state重置为CLOSED 在由sctp_inet_listen调用的sctp_listen_start()中,如果由于某种原因sctp_autobind()失败,应将sk_state重置为CLOSED。 否则,下次调用sctp_inet_listen()时,如果sctp_sk(sk)->reuse已经通过setsockopt(SCTP_REUSE_PORT)设置,则由于sk_state为LISTENING,会解引用sctp_sk(sk)->bind_hash,而此时bind_hash为NULL,导致崩溃。 KASAN: null-ptr-deref 在范围 [0x0000000000000000-0x0000000000000007] RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617 调用跟踪: <TASK> __sys_listen_socket net/socket.c:1883 [inline] __sys_listen+0x1b7/0x230 net/socket.c:1894 __do_sys_listen net/socket.c:1902 [inline]
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
来源:AIGC 神龙大模型
漏洞类别
不恰当的资源关闭或释放
来源:AIGC 神龙大模型
漏洞标题
sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
来源:美国国家漏洞数据库 NVD
漏洞描述信息
In the Linux kernel, the following vulnerability has been resolved: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start In sctp_listen_start() invoked by sctp_inet_listen(), it should set the sk_state back to CLOSED if sctp_autobind() fails due to whatever reason. Otherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)->reuse is already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)->bind_hash will be dereferenced as sk_state is LISTENING, which causes a crash as bind_hash is NULL. KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617 Call Trace: <TASK> __sys_listen_socket net/socket.c:1883 [inline] __sys_listen+0x1b7/0x230 net/socket.c:1894 __do_sys_listen net/socket.c:1902 [inline]
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Linux kernel 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于sctp子系统中在自动绑定失败时未将sk_state重置为CLOSED,可能导致空指针解引用。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2024-49944 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2024-49944 的情报信息

  • 标题: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start - kernel/git/stable/linux.git - Linux kernel stable tree
  • https://nvd.nist.gov/vuln/detail/CVE-2024-49944