CVE-2024-26731
- Source
- https://cve.org/CVERecord?id=CVE-2024-26731
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26731.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-26731
- Downstream
- Related
- Published
- 2024-04-03T17:00:18.823Z
- Modified
- 2026-03-13T07:51:57.763331Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Fix NULL pointer dereference in skpsockverdictdataready()
syzbot reported the following NULL pointer dereference issue [1]:
BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] RIP: 0010:0x0 [...] Call Trace: <TASK> skpsockverdictdataready+0x232/0x340 net/core/skmsg.c:1230 unixstreamsendmsg+0x9b4/0x1230 net/unix/afunix.c:2293 socksendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline] _syssendmsg+0x2b0/0x3a0 net/socket.c:2667 dosyscall64+0xf9/0x240 entrySYSCALL64afterhwframe+0x6f/0x77
If skpsockverdictdataready() and skpsockstopverdict() are called concurrently, psock->saveddata_ready can be NULL, causing the above issue.
This patch fixes this issue by calling the appropriate data ready function using the skpsockdataready() helper and protecting it from concurrency with sk->skcallback_lock.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26731.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/4588b13abcbd561ec67f5b3c1cb2eff690990a54
- https://git.kernel.org/stable/c/4cd12c6065dfcdeba10f49949bffcf383b3952d8
- https://git.kernel.org/stable/c/9b099ed46dcaf1403c531ff02c3d7400fa37fa26
- https://git.kernel.org/stable/c/d61608a4e394f23e0dca099df9eb8e555453d949
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26731.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-26731
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddd628fc697ee59b76bd3877c4bd13f07ccc3776fFixed4588b13abcbd561ec67f5b3c1cb2eff690990a54
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6df7f764cd3cf5a03a4a47b23be47e57e41fcd85Fixed9b099ed46dcaf1403c531ff02c3d7400fa37fa26Fixedd61608a4e394f23e0dca099df9eb8e555453d949Fixed4cd12c6065dfcdeba10f49949bffcf383b3952d8
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedd3cbd7c571446a876aefd8320500300b2c951c58