CVE-2024-44935

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 26, 2024
Updated: Aug 27, 2024
CWE ID 476

Summary

CVE-2024-44935 is a vulnerability in the Linux kernel affecting several products where a null pointer dereference occurs during the execution of the reuseport_add_sock() function within the SCTP (Stream Control Transmission Protocol). The issue arises when one listener socket using the SO_REUSEPORT option is concurrently closed while another listener attempts to add itself to the same port, leading to potential discrepancies in socket management. This vulnerability has a medium severity rating, with an exploitability score of 1.8, and could result in high availability impact due to multiple identical reuseport groups being formed, with all but one becoming unusable. To remediate this issue, it is advised that users ensure proper synchronization for sockets classified into the same reuseport group when calling relevant functions like reuseport_alloc() and reuseport_{add,detach}_sock(). Organizations leveraging affected products should prioritize applying patches available from sources like the Linux kernel repository to mitigate risks associated with this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share