PT-2024-35605 · Linux · Linux Kernel
Syzkaller
·
Published
2024-11-05
·
Updated
2025-10-03
·
CVE-2024-53140
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.65
Description
The Linux kernel contained a vulnerability in its Netlink subsystem that has since been resolved. Netlink supports iterative dumping of data through three operations: start, dump, and done. The process is asynchronous: each call to dump is triggered in response to recvmsg() on the socket. This gives the user full control over the dump, but it also means the user can close the socket before reaching the end of the dump. To ensure that start is always paired with done, the kernel checks whether a dump is in progress before freeing the socket and calls done if necessary. However, the use of a workqueue to defer this call does not work correctly, because the workqueue defers the release of a reference on the socket rather than the cleanup itself. Since only the user can interact with dumps, the kernel can perform the cleanup when the socket is closed, and close always happens in process context.

Recommendations
For Linux kernel versions prior to 6.6.65, update to version 6.6.65 or later to resolve the issue. As a temporary workaround, consider disabling the dump operation until a patch is available. Restrict access to the Netlink socket to minimize the risk of exploitation. Avoid using the start and done operations in the affected API endpoint until the issue is resolved.

Exploit
Fix
Double Free
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu