CVE-2024-50036

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: A vulnerability in the Linux kernel has been resolved, related to the dst entries add() function using per-cpu data that might be freed at netns dismantle from ip6 route net exit() calling dst entries destroy(). This can cause a race condition, as dst entries destroy() could have been called already. The issue is also related to the dst release() function, which waits an rcu grace period before calling dst destroy(). Additionally, in the CONFIG XFRM case, dst destroy() can call dst release immediate(child), potentially causing a use-after-free (UAF) issue if the child does not have DST NOCOUNT set.

Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the dst entries add() function until a patch is available. Restrict access to the dst release() function to minimize the risk of exploitation. Avoid using the dst entries destroy() function in conjunction with dst release() until the issue is resolved. At the moment, there is no other information about additional mitigation measures.