Linux · Linux Kernel · CVE-2024-50036
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
The Linux kernel contained a race during network-namespace (netns) teardown. `dst_entries_add()` updates a per-cpu counter that is freed when the netns is dismantled, by `ip6_route_net_exit()` calling `dst_entries_destroy()`. Before `ip6_route_net_exit()` can run, every dst associated with the netns is dropped through `dst_release()`, which waits an RCU grace period before `dst_destroy()` actually executes. Because the counter decrement was performed inside the deferred `dst_destroy()`, it could run after `dst_entries_destroy()` had already freed the per-cpu data, i.e. a use-after-free of the counter. The fix stops delaying the decrement: the count is adjusted when the last reference is dropped, before the RCU callback is queued, rather than inside `dst_destroy()`. A related caveat noted in the fix: in the `CONFIG_XFRM` case `dst_destroy()` can call `dst_release_immediate(child)`, which may also cause a use-after-free (UAF) if the child does not have `DST_NOCOUNT` set.
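The following is an added userspace model of the ordering bug, not kernel code and not part of the original advisory. Function names mirror the kernel's, but the bodies are simplified: "RCU" is a FIFO of deferred callbacks that the model runs explicitly, the per-cpu counter is a single heap integer, and a freed-counter access is recorded in a flag instead of being a real use-after-free. `run_teardown()`, `uaf_detected`, `call_rcu()` and `rcu_barrier()` are assumed names for this model only.

```c
/* Added example: userspace model of the CVE-2024-50036 ordering bug.
 * Not the kernel's code; names mirror it but the logic is a simulation. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define DST_NOCOUNT 0x1   /* same meaning as the kernel flag; value is arbitrary here */

/* stands in for the per-cpu entry counter hanging off dst_ops */
struct dst_ops {
    int *entries;         /* NULL once dst_entries_destroy() has run */
};

struct dst_entry {
    struct dst_ops *ops;
    unsigned flags;
    int refcnt;
    void (*deferred)(struct dst_entry *);
};

/* deferred-callback queue standing in for an RCU grace period */
#define MAX_DEFERRED 16
static struct dst_entry *rcu_queue[MAX_DEFERRED];
static int rcu_len;

static bool uaf_detected;   /* set if a callback touches the freed counter */

static void call_rcu(struct dst_entry *dst, void (*cb)(struct dst_entry *))
{
    dst->deferred = cb;
    rcu_queue[rcu_len++] = dst;
}

/* "grace period ends": run every pending callback in order */
static void rcu_barrier(void)
{
    for (int i = 0; i < rcu_len; i++)
        rcu_queue[i]->deferred(rcu_queue[i]);
    rcu_len = 0;
}

static void dst_entries_add(struct dst_ops *ops, int delta)
{
    if (!ops->entries) {    /* counter already freed: the real kernel would UAF here */
        uaf_detected = true;
        return;
    }
    *ops->entries += delta;
}

/* what ip6_route_net_exit() does at netns dismantle */
static void dst_entries_destroy(struct dst_ops *ops)
{
    free(ops->entries);
    ops->entries = NULL;
}

/* Vulnerable ordering: the decrement is deferred into the RCU callback. */
static void dst_destroy_vuln(struct dst_entry *dst)
{
    if (!(dst->flags & DST_NOCOUNT))
        dst_entries_add(dst->ops, -1);
    free(dst);
}

static void dst_release_vuln(struct dst_entry *dst)
{
    if (--dst->refcnt == 0)
        call_rcu(dst, dst_destroy_vuln);
}

/* Fixed ordering: decrement when the last reference drops, then defer only the free. */
static void dst_destroy_fixed(struct dst_entry *dst)
{
    free(dst);
}

static void dst_release_fixed(struct dst_entry *dst)
{
    if (--dst->refcnt == 0) {
        if (!(dst->flags & DST_NOCOUNT))
            dst_entries_add(dst->ops, -1);
        call_rcu(dst, dst_destroy_fixed);
    }
}

/* Simulate netns teardown: release the last dst, destroy the counter,
 * then let the grace period end. Returns true if the deferred callback
 * touched the already-freed counter. */
static bool run_teardown(bool fixed)
{
    struct dst_ops ops = { .entries = calloc(1, sizeof(int)) };
    struct dst_entry *dst = calloc(1, sizeof(*dst));

    uaf_detected = false;
    rcu_len = 0;
    dst->ops = &ops;
    dst->refcnt = 1;
    dst_entries_add(&ops, 1);          /* dst_alloc() accounts the new entry */

    if (fixed)
        dst_release_fixed(dst);
    else
        dst_release_vuln(dst);
    dst_entries_destroy(&ops);         /* ip6_route_net_exit() */
    rcu_barrier();                     /* dst_destroy() finally runs */
    return uaf_detected;
}

int main(void)
{
    printf("vulnerable ordering: %s\n", run_teardown(false) ? "UAF" : "ok");
    printf("fixed ordering:      %s\n", run_teardown(true) ? "UAF" : "ok");
    return 0;
}
```

The point the model makes is general: anything an RCU (or otherwise deferred) callback touches must outlive the grace period, so bookkeeping on objects the netns frees synchronously has to happen before the callback is queued, not inside it.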
Recommendations:
For Linux kernel versions prior to 6.6.58, update to 6.6.58 or later, or to the stable release of your kernel series that carries the backported fix. The functions named above (`dst_entries_add()`, `dst_release()`, `dst_entries_destroy()`) are internal kernel routines, not tunables: they cannot be disabled, access-restricted, or avoided from userspace, so there is no configuration-level workaround for the bug itself. The race is only reachable during network-namespace teardown, so until the kernel is updated, exposure can be reduced by limiting who can create and destroy network namespaces (for example, restricting unprivileged user namespace creation where the distribution supports it). At the moment, there is no other information about additional mitigation measures.