CVE-2024-49864

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: The issue is related to a race condition between socket setup and I/O thread creation in the Linux kernel's rxrpc module. Specifically, in rxrpc open socket(), there is a gap between setting up the socket and the I/O thread that handles it, during which a packet may arrive from a UDP packet, causing an error when trying to wake the not-yet-created I/O thread. A quick fix involves making rxrpc encap rcv() discard the packet if there's no I/O thread yet. A more intrusive fix could involve rearranging the socket creation to be done by the I/O thread.

Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider modifying rxrpc encap rcv() to discard packets when there's no I/O thread yet, or rearranging the socket creation to be done by the I/O thread.