PT-2024-6978 · Linux+10 · Linux Kernel+10

Ignat Korchagin

Publicado

2024-06-20

Atualizado

2026-05-26

CVE-2024-40954

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Nome do software vulnerável e versões afetadas

Versões do kernel Linux anteriores à 6.10.0-rc2+

Descrição

A vulnerabilidade está relacionada a um problema de uso após liberação (use-after-free) no código de rede do kernel Linux. Ela pode ser acionada ao anexar um fentry probe a sock release() e o probe chamar o helper bpf get socket cookie(), ou ao executar traceroute -I 1.1.1.1 em uma VM recém-inicializada. Um kernel com KASAN habilitado registrará um erro de uso após liberação de slab em sock gen cookie(). O problema é causado por um ponteiro sk pendente quando a criação do soquete falha.

Para explorar essa vulnerabilidade, um invasor precisaria ser capaz de executar comandos privilegiados no sistema, como anexar um probe fentry ou executar traceroute com opções específicas. A vulnerabilidade poderia potencialmente permitir que um invasor obtivesse privilégios elevados ou interrompesse a operação do sistema.

Recomendações

Para resolver este problema, recomenda-se atualizar o kernel do Linux para uma versão que inclua a correção para esta vulnerabilidade. Especificamente, a correção envolve limpar a referência à estrutura socket em sk common release() para abranger todas as funções de criação de famílias de protocolos.

No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

Exploit

DoS

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALSA-2024:5363

ALSA-2024:7000

ALSA-2024:7001

ALSA-2025_16880

ALT-PU-2024-13979

ALT-PU-2024-14046

BDU:2024-08227

CESA-2024_7000

CESA-2024_7001

CVE-2024-40954

DLA-4008-1

DSA-5731-1

INFSA-2024_5363

INFSA-2024_7000

INFSA-2024_7001

OESA-2024-2590

OPENSUSE-SU-2024_2947-1

OPENSUSE-SU-2024_3623-1

OPENSUSE-SU-2024_3624-1

OPENSUSE-SU-2024_3625-1

OPENSUSE-SU-2024_3627-1

OPENSUSE-SU-2024_3631-1

OPENSUSE-SU-2024_3632-1

OPENSUSE-SU-2024_3635-1

OPENSUSE-SU-2024_3636-1

OPENSUSE-SU-2024_3638-1

OPENSUSE-SU-2024_3639-1

OPENSUSE-SU-2024_3643-1

OPENSUSE-SU-2024_3655-1

OPENSUSE-SU-2024_3666-1

OPENSUSE-SU-2024_3670-1

OPENSUSE-SU-2024_3672-1

OPENSUSE-SU-2024_3679-1

OPENSUSE-SU-2024_3680-1

OPENSUSE-SU-2024_3694-1

OPENSUSE-SU-2024_3695-1

OPENSUSE-SU-2024_3696-1

OPENSUSE-SU-2024_3697-1

OPENSUSE-SU-2024_3700-1

OPENSUSE-SU-2024_3701-1

OPENSUSE-SU-2024_3702-1

OPENSUSE-SU-2024_3706-1

OPENSUSE-SU-2024_3707-1

OPENSUSE-SU-2024_3708-1

OPENSUSE-SU-2024_3710-1

OPENSUSE-SU-2024_3780-1

OPENSUSE-SU-2024_3793-1

OPENSUSE-SU-2024_3806-1

OPENSUSE-SU-2024_3815-1

OPENSUSE-SU-2024_3829-1

OPENSUSE-SU-2024_3830-1

OPENSUSE-SU-2024_3831-1

OPENSUSE-SU-2024_3833-1

OPENSUSE-SU-2024_3836-1

OPENSUSE-SU-2024_3837-1

OPENSUSE-SU-2024_3840-1

OPENSUSE-SU-2024_3842-1

OPENSUSE-SU-2024_3851-1

OPENSUSE-SU-2024_3852-1

OPENSUSE-SU-2024_3855-1

OPENSUSE-SU-2024_3856-1

OPENSUSE-SU-2024_3857-1

OPENSUSE-SU-2024_3860-1

OPENSUSE-SU-2024_3880-1

OPENSUSE-SU-2024_3881-1

OPENSUSE-SU-2024_3882-1

OPENSUSE-SU-2024_3884-1

OPENSUSE-SU-2024_4122-1

OPENSUSE-SU-2024_4123-1

OPENSUSE-SU-2024_4124-1

OPENSUSE-SU-2024_4125-1

OPENSUSE-SU-2024_4127-1

OPENSUSE-SU-2024_4128-1

OPENSUSE-SU-2024_4207-1

OPENSUSE-SU-2024_4208-1

OPENSUSE-SU-2024_4209-1

OPENSUSE-SU-2024_4210-1

OPENSUSE-SU-2024_4214-1

OPENSUSE-SU-2024_4216-1

OPENSUSE-SU-2024_4218-1

OPENSUSE-SU-2024_4228-1

OPENSUSE-SU-2024_4234-1

OPENSUSE-SU-2024_4235-1

OPENSUSE-SU-2024_4236-1

OPENSUSE-SU-2024_4243-1

OPENSUSE-SU-2024_4262-1

OPENSUSE-SU-2024_4266-1

OPENSUSE-SU-2024_4275-1

OPENSUSE-SU-2025_0107-1

OPENSUSE-SU-2025_0109-1

OPENSUSE-SU-2025_0110-1

OPENSUSE-SU-2025_0111-1

OPENSUSE-SU-2025_0114-1

OPENSUSE-SU-2025_0115-1

OPENSUSE-SU-2025_0124-1

OPENSUSE-SU-2025_0138-1

OPENSUSE-SU-2025_0146-1

OPENSUSE-SU-2025_0150-1

OPENSUSE-SU-2025_0158-1

OPENSUSE-SU-2025_0164-1

OPENSUSE-SU-2025_0168-1

OPENSUSE-SU-2025_0187-1

OPENSUSE-SU-2025_0188-1

OPENSUSE-SU-2025_0248-1

OPENSUSE-SU-2025_0249-1

OPENSUSE-SU-2025_0251-1

OPENSUSE-SU-2025_0252-1

OPENSUSE-SU-2025_0253-1

OPENSUSE-SU-2025_0254-1

OPENSUSE-SU-2025_0255-1

OPENSUSE-SU-2025_0260-1

OPENSUSE-SU-2025_0261-1

OPENSUSE-SU-2025_0262-1

OPENSUSE-SU-2025_0264-1

OPENSUSE-SU-2025_0265-1

OPENSUSE-SU-2025_0266-1

RHSA-2024:5363

RHSA-2024:7000

RHSA-2024:7001

RHSA-2024_5363

RHSA-2024_7000

RHSA-2024_7001

RLSA-2024:5363

RLSA-2024:7001

SUSE-SU-2024:2894-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

SUSE-SU-2024:3623-1

SUSE-SU-2024:3624-1

SUSE-SU-2024:3625-1

SUSE-SU-2024:3626-1

SUSE-SU-2024:3627-1

SUSE-SU-2024:3628-1

SUSE-SU-2024:3631-1

SUSE-SU-2024:3632-1

SUSE-SU-2024:3635-1

SUSE-SU-2024:3636-1

SUSE-SU-2024:3638-1

SUSE-SU-2024:3639-1

SUSE-SU-2024:3643-1

SUSE-SU-2024:3655-1

SUSE-SU-2024:3666-1

SUSE-SU-2024:3670-1

SUSE-SU-2024:3672-1

SUSE-SU-2024:3679-1

SUSE-SU-2024:3680-1

SUSE-SU-2024:3694-1

SUSE-SU-2024:3695-1

SUSE-SU-2024:3696-1

SUSE-SU-2024:3697-1

SUSE-SU-2024:3700-1

SUSE-SU-2024:3701-1

SUSE-SU-2024:3702-1

SUSE-SU-2024:3706-1

SUSE-SU-2024:3707-1

SUSE-SU-2024:3708-1

SUSE-SU-2024:3710-1

SUSE-SU-2024:3780-1

SUSE-SU-2024:3793-1

SUSE-SU-2024:3806-1

SUSE-SU-2024:3815-1

SUSE-SU-2024:3829-1

SUSE-SU-2024:3830-1

SUSE-SU-2024:3831-1

SUSE-SU-2024:3833-1

SUSE-SU-2024:3835-1

SUSE-SU-2024:3836-1

SUSE-SU-2024:3837-1

SUSE-SU-2024:3840-1

SUSE-SU-2024:3842-1

SUSE-SU-2024:3851-1

SUSE-SU-2024:3852-1

SUSE-SU-2024:3855-1

SUSE-SU-2024:3856-1

SUSE-SU-2024:3857-1

SUSE-SU-2024:3860-1

SUSE-SU-2024:3880-1

SUSE-SU-2024:3881-1

SUSE-SU-2024:3882-1

SUSE-SU-2024:3884-1

SUSE-SU-2024:4122-1

SUSE-SU-2024:4123-1

SUSE-SU-2024:4124-1

SUSE-SU-2024:4125-1

SUSE-SU-2024:4127-1

SUSE-SU-2024:4128-1

SUSE-SU-2024:4139-1

SUSE-SU-2024:4207-1

SUSE-SU-2024:4208-1

SUSE-SU-2024:4209-1

SUSE-SU-2024:4210-1

SUSE-SU-2024:4214-1

SUSE-SU-2024:4216-1

SUSE-SU-2024:4218-1

SUSE-SU-2024:4228-1

SUSE-SU-2024:4234-1

SUSE-SU-2024:4235-1

SUSE-SU-2024:4236-1

SUSE-SU-2024:4243-1

SUSE-SU-2024:4262-1

SUSE-SU-2024:4266-1

SUSE-SU-2024:4275-1

SUSE-SU-2025:0084-1

SUSE-SU-2025:0107-1

SUSE-SU-2025:0109-1

SUSE-SU-2025:0110-1

SUSE-SU-2025:0111-1

SUSE-SU-2025:0114-1

SUSE-SU-2025:0115-1

SUSE-SU-2025:0124-1

SUSE-SU-2025:0138-1

SUSE-SU-2025:0146-1

SUSE-SU-2025:0150-1

SUSE-SU-2025:0158-1

SUSE-SU-2025:0164-1

SUSE-SU-2025:0168-1

SUSE-SU-2025:0187-1

SUSE-SU-2025:0188-1

SUSE-SU-2025:0248-1

SUSE-SU-2025:0249-1

SUSE-SU-2025:0251-1

SUSE-SU-2025:0252-1

SUSE-SU-2025:0253-1

SUSE-SU-2025:0254-1

SUSE-SU-2025:0255-1

SUSE-SU-2025:0260-1

SUSE-SU-2025:0261-1

SUSE-SU-2025:0262-1

SUSE-SU-2025:0264-1

SUSE-SU-2025:0265-1

SUSE-SU-2025:0266-1

SUSE-SU-2025:0269-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7007-1

USN-7007-2

USN-7007-3

USN-7008-1

USN-7009-1

USN-7009-2

USN-7019-1

USN-7029-1

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-6978 · Linux+10 · Linux Kernel+10

CVE-2024-40954

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3360