CVE-2024-44946

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.10.6

Description The vulnerability is related to a use-after-free issue in the kcm release function of the Linux kernel. This occurs when a thread is building a MSG MORE skb and another thread concurrently calls sendmsg, finishing the building of the skb and putting it into the write queue. If the first thread encounters an error and frees the skb, which is already in the write queue, the kcm release function will double-free the skb, leading to a slab-use-after-free error. To resolve this, a per-sk mutex is added to serialize the kcm sendmsg function for the same socket.

Recommendations To resolve the issue, update the Linux kernel to version 6.10.6 or later. If updating is not possible, consider applying patches or workarounds provided by the Linux kernel community or distribution maintainers to mitigate the vulnerability. As a temporary workaround, consider disabling the kcm sendmsg function until a patch is available. However, this may have performance implications and should be carefully evaluated before implementation.