CVE-2024-41007

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-41007
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41007.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-41007
Downstream
Related
Published
2024-07-15T08:48:10.174Z
Modified
2026-05-15T11:53:15.545928043Z
Summary
tcp: avoid too many retransmit packets
Details

In the Linux kernel, the following vulnerability has been resolved:

tcp: avoid too many retransmit packets

If a TCP socket is using TCPUSERTIMEOUT, and the other peer retracted its window to zero, tcpretransmittimer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCPUSERTIMEOUT has 'expired'.

The fix is to make sure tcprtxprobe0timedout() takes icsk->icskusertimeout into account.

Before blamed commit, the socket would not timeout after icsk->icskusertimeout, but would use standard exponential backoff for the retransmits.

Also worth noting that before commit e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0"), the issue would last 2 minutes instead of 4.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41007.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.19.0
Fixed
4.19.318
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.280
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.222
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.163
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.100
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.41
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.9.10

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41007.json"