CVE-2024-40958

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.10.0-rc3

Description The vulnerability is related to the get net ns() function in the Linux kernel, which fails to handle a zero refcount net. This can lead to a use-after-free condition, causing a kernel panic. The issue is triggered when the tun set iff() function is called with a device set to tun0, followed by setting the network namespace of tun0 to ns1 and then putting the network reference count to zero. The tun chr ioctl() function is then called with the TUNGETDEVNETNS command, which attempts to access the network namespace, resulting in a kernel panic.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the get net ns() function. Alternatively, as a temporary workaround, consider disabling the tun module or restricting access to the TUNGETDEVNETNS command until a patched kernel is available.

Note: The provided information does not specify the exact version that includes the fix, so it is recommended to update to the latest available kernel version.