CVE-2024-42246

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 7, 2024

Updated: Sep 12, 2024

CWE ID 835

Summary

CVE-2024-42246 is a Linux kernel vulnerability affecting the net and sunrpc modules. When using a BPF program with kernel_connect(), a return value of -EPERM from xs_tcp_setup_socket() causes an infinite loop and potential kernel freeze. A suggested remediation involves mapping -EPERM to a more expected network error, such as ECONNREFUSED, ensuring consistency across different layers and kernel versions. UDP already handles -EPERM in xs_udp_send_request().

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xVjcBq
https://www.cve.org/CVERecord?id=CVE-2024-42246
https://nvd.nist.gov/vuln/detail/CVE-2024-42246

Back to Vulnerability Database

CVE-2024-42246

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations