PT-2024-8856 · Linux+8 · Linux Kernel+8
Published: 2024-04-09 · Updated: 2025-09-29
CVE-2024-35969
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.9.0-rc2.main-00208-g49563be82afa #14
Description:
The vulnerability is related to a race condition between the ipv6_get_ifaddr and ipv6_del_addr functions in the Linux kernel. This can lead to a use-after-free error, allowing an attacker to potentially elevate privileges in the system. The issue arises when ipv6_get_ifaddr walks the inet6_addr_lst under the RCU lock, and hlist_for_each_entry_rcu can return an item that has been removed from the list. If ipv6_del_addr is called in parallel, it can remove the entry from the list and drop all references, causing the reference count to drop to zero and kfree_rcu to be scheduled.
The vulnerable functions are ipv6_get_ifaddr and ipv6_del_addr. The vulnerable parameters are ifp->addr_lst and in6_ifa_hold.
Recommendations:
To resolve this issue, update the Linux kernel to a version that includes the fix for the race condition between ipv6_get_ifaddr and ipv6_del_addr.
As a temporary workaround, consider disabling the ipv6_get_ifaddr function until a patch is available. However, this may have significant implications for the system's functionality and should be carefully considered before implementation.
Note: The provided information does not specify the exact version that includes the fix, so it is recommended to update to the latest available version of the Linux kernel.
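The interleaving from the description, replayed in a fixed order in userspace C. This is an added example, not kernel code and not the actual patch, which this page does not show. The names ifaddr_model, hold, hold_safe and put are constructed for illustration, and the increment-unless-zero hold is shown as the usual mitigation for this refcount pattern.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for an address entry; only the refcount is modelled. */
struct ifaddr_model { atomic_int refcnt; };

/* Unconditional hold: increments even if the count already reached zero. */
static void hold(struct ifaddr_model *ifp) { atomic_fetch_add(&ifp->refcnt, 1); }

/* Increment-unless-zero: fails once the last reference has been dropped. */
static bool hold_safe(struct ifaddr_model *ifp)
{
    int old = atomic_load(&ifp->refcnt);
    while (old != 0)
        if (atomic_compare_exchange_weak(&ifp->refcnt, &old, old + 1))
            return true;
    return false;
}

/* Drops one reference; true means the count hit zero, the point at which
 * the kernel would schedule the deferred free (kfree_rcu). */
static bool put(struct ifaddr_model *ifp)
{
    return atomic_fetch_sub(&ifp->refcnt, 1) == 1;
}

/* Fixed-order replay: the reader has already found ifp during its list walk,
 * the deleter then drops the last reference, and only afterwards does the
 * reader take its own reference. Returns true if the reader ends up holding
 * an object whose free is already scheduled (the use-after-free setup). */
static bool reader_gets_dying_object(bool use_safe_hold)
{
    struct ifaddr_model ifp = { .refcnt = 1 };  /* the list's reference */
    bool free_scheduled = put(&ifp);            /* parallel delete wins the race */
    bool got_ref = true;

    if (use_safe_hold)
        got_ref = hold_safe(&ifp);              /* refused: count is zero */
    else
        hold(&ifp);                             /* 0 -> 1 on a dying object */
    return free_scheduled && got_ref;
}

int main(void)
{
    printf("plain hold: %d, hold-unless-zero: %d\n",
           reader_gets_dying_object(false), reader_gets_dying_object(true));
    return 0;
}
```

With the plain hold the reader leaves the lookup believing it owns a reference; with the conditional hold the lookup can treat the entry as not found.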
Exploit
Fix
Use After Free
Allocation of Resources Without Limits
Affected Products
Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu