CVE-2024-26732

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8.0-rc4-syzkaller-00267-g0f1dd5e91e2b

Description A vulnerability has been resolved in the Linux kernel, specifically in the net subsystem, where a lockdep violation was reported by syzbot involving af unix support of SO PEEK OFF. The issue arises because SO PEEK OFF is inherently not thread-safe, using a per-socket sk peek off field. After the patch, setsockopt(SO PEEK OFF) no longer acquires the socket lock, and skb consume udp() does not need to acquire the socket lock. Additionally, af unix no longer requires a special version of sk set peek off() since it does not lock u->iolock anymore.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the patch for this vulnerability. Specifically, versions 6.8.0-rc4-syzkaller-00267-g0f1dd5e91e2b and later should be used. If updating is not immediately possible, consider temporarily disabling the use of SO PEEK OFF to minimize the risk of exploitation.