PT-2024-32186 · Linux+6 · Linux Kernel+6
Syzkaller · Published 2024-08-06 · Updated 2025-09-29
CVE-2024-46771
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.52
Description
A vulnerability in the Linux kernel has been resolved. The issue concerns the removal of a proc entry when a device is unregistered. Syzkaller reported a warning in the bcm_connect() function. The vulnerability occurs when a BCM socket is connected, which allocates a proc entry, and the bound device is then removed, which resets the bcm_sk(sk)->bound value to 0. A subsequent connect attempt tries to allocate a proc entry with the same name, leading to a leak of the original proc entry. The proc entry is only available for connected sockets, so it should be cleaned up when the bound netdev is unregistered.
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.52 or later. As a temporary workaround, consider disabling the bcm_connect() function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the ifindex parameter in the affected API endpoint until the issue is resolved.
Exploit
Fix
Memory Leak
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu