CVE-2024-36938

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37

Description The issue is related to a NULL pointer dereference in the sk psock skb ingress enqueue() function, which can cause a data-race. This vulnerability was reported by syzbot and is related to the sk psock drop() and sk psock skb ingress enqueue() functions. The sk psock verdict data ready() function is also affected. To avoid errors, the sk callback lock read lock should be used to protect the saved data ready variable.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider restricting access to the vulnerable functions until a patch is available. However, since the issue is resolved in the mentioned kernel version, updating is the recommended course of action.

Note: The provided information does not specify the exact versions that are vulnerable, only that versions prior to 6.6.37 are affected. Therefore, updating to 6.6.37 or later is the recommended solution.