PT-2024-5792 · Linux+9 · Linux Kernel+9
Joel Guittet · Published 2024-05-02 · Updated 2025-09-29 · CVE-2024-36905
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.37
Description
A vulnerability in the Linux kernel's TCP implementation allows a divide-by-zero error in the tcp_rcv_space_adjust() function. This occurs when a socket transitions from the TCP_SYN_RECV state to the TCP_FIN_WAIT1 state without calling tcp_init_transfer(), which also means tcp_init_buffer_space() is not called. The issue can be triggered by a remote attacker, potentially leading to a denial-of-service condition. To fix this, the tcp_shutdown() function should be modified to not perform the TCP_SYN_RECV to TCP_FIN_WAIT1 transition and instead wait for the socket state to change to TCP_ESTABLISHED before entering the TCP_FIN_WAIT1 state and sending a FIN packet.
Recommendations
To resolve this issue, update the Linux kernel to version 6.6.37 or later. If updating is not immediately possible, consider applying the patch that changes the tcp_shutdown() function to correctly handle the TCP_SYN_RECV state transition. Additionally, as a temporary workaround, consider disabling the tcp_shutdown() function for TCP_SYN_RECV sockets until a patch is available.
Exploit
Fix
Divide By Zero
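A simplified userspace model of the state flow given in the Description, added here as an illustration and not taken from the kernel source or the advisory. The struct, its fields and the arithmetic are assumptions; a return value of -1 marks the point where the kernel would divide by zero.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified userspace model, not kernel code. Field names and the
 * arithmetic are assumptions; only the state flow follows the advisory. */
enum state { SYN_RECV, ESTABLISHED, FIN_WAIT1 };
struct sock_model {
    enum state st;
    bool shutdown_pending;  /* shutdown requested before the handshake finished */
    unsigned int rcv_space; /* divisor; stays 0 until buffer space is initialised */
};

/* Pre-fix tcp_shutdown() behaviour: SYN_RECV goes straight to FIN_WAIT1. */
static void shutdown_vulnerable(struct sock_model *sk) {
    if (sk->st == SYN_RECV || sk->st == ESTABLISHED)
        sk->st = FIN_WAIT1;
}

/* Post-fix behaviour: in SYN_RECV only remember that shutdown was requested. */
static void shutdown_fixed(struct sock_model *sk) {
    if (sk->st == ESTABLISHED)
        sk->st = FIN_WAIT1;
    else if (sk->st == SYN_RECV)
        sk->shutdown_pending = true;
}

/* Handshake completes: initialise buffers, then honour a deferred shutdown. */
static void handshake_complete(struct sock_model *sk) {
    if (sk->st != SYN_RECV) return;
    sk->st = ESTABLISHED;
    sk->rcv_space = 14600; /* stands in for tcp_init_transfer(); value is made up */
    if (sk->shutdown_pending)
        sk->st = FIN_WAIT1; /* FIN now leaves an initialised socket */
}

/* Stands in for tcp_rcv_space_adjust(); -1 marks the would-be division by zero. */
static long rcv_space_adjust(const struct sock_model *sk, unsigned int copied) {
    return sk->rcv_space ? (long)copied * 100 / sk->rcv_space : -1;
}

int main(void) {
    struct sock_model v = { SYN_RECV, false, 0 }, f = { SYN_RECV, false, 0 };
    shutdown_vulnerable(&v);
    shutdown_fixed(&f);
    handshake_complete(&f);
    printf("vulnerable=%ld fixed=%ld\n",
           rcv_space_adjust(&v, 1000), rcv_space_adjust(&f, 1000));
    return 0;
}
```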
Weakness Enumeration
Related Identifiers
Affected Products
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu