CVE-2024-27404 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data races on remote_id Similar to the previous patch, address the data race on remote_id, adding the suitable ONCE annotations.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/2dba5774e8ed326a78ad4339d921a4291281ea6e
https://git.kernel.org/stable/c/967d3c27127e71a10ff5c083583a038606431b61
https://git.kernel.org/stable/c/987c3ed7297e5661bc7f448f06fc366e497ac9b2
https://git.kernel.org/stable/c/e64148635509bf13eea851986f5a0b150e5bd066
https://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-27404-ab54@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-27404
https://www.cve.org/CVERecord?id=CVE-2024-27404

History

Wed, 13 Nov 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-17T11:40:21.607Z

Updated: 2024-11-05T09:21:35.811Z

Reserved: 2024-02-25T13:47:42.681Z

Link: CVE-2024-27404

Vulnrichment

Updated: 2024-08-02T00:34:52.192Z

NVD

Status : Awaiting Analysis

Published: 2024-05-17T12:15:10.287

Modified: 2024-05-17T18:35:35.070

Link: CVE-2024-27404

Redhat

Severity : Moderate

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2024-27404 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27404", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:47:42.681Z", "datePublished": "2024-05-17T11:40:21.607Z", "dateUpdated": "2024-11-05T09:21:35.811Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:21:35.811Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix data races on remote_id\n\nSimilar to the previous patch, address the data race on\nremote_id, adding the suitable ONCE annotations."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mptcp/pm_netlink.c", "net/mptcp/subflow.c"], "versions": [{"version": "bedee0b56113", "lessThan": "e64148635509", "status": "affected", "versionType": "git"}, {"version": "bedee0b56113", "lessThan": "2dba5774e8ed", "status": "affected", "versionType": "git"}, {"version": "bedee0b56113", "lessThan": "987c3ed7297e", "status": "affected", "versionType": "git"}, {"version": "bedee0b56113", "lessThan": "967d3c27127e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mptcp/pm_netlink.c", "net/mptcp/subflow.c"], "versions": [{"version": "6.0", "status": "affected"}, {"version": "0", "lessThan": "6.0", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.81", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.19", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.7", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/e64148635509bf13eea851986f5a0b150e5bd066"}, {"url": "https://git.kernel.org/stable/c/2dba5774e8ed326a78ad4339d921a4291281ea6e"}, {"url": "https://git.kernel.org/stable/c/987c3ed7297e5661bc7f448f06fc366e497ac9b2"}, {"url": "https://git.kernel.org/stable/c/967d3c27127e71a10ff5c083583a038606431b61"}], "title": "mptcp: fix data races on remote_id", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:39:39.256806Z", "id": "CVE-2024-27404", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:43:55.610Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.192Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e64148635509bf13eea851986f5a0b150e5bd066", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2dba5774e8ed326a78ad4339d921a4291281ea6e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/987c3ed7297e5661bc7f448f06fc366e497ac9b2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/967d3c27127e71a10ff5c083583a038606431b61", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e64148635509bf13eea851986f5a0b150e5bd066", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2dba5774e8ed326a78ad4339d921a4291281ea6e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/987c3ed7297e5661bc7f448f06fc366e497ac9b2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/967d3c27127e71a10ff5c083583a038606431b61", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.192Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27404", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:39:39.256806Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:39:40.580Z"}}], "cna": {"title": "mptcp: fix data races on remote_id", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "bedee0b56113", "lessThan": "e64148635509", "versionType": "git"}, {"status": "affected", "version": "bedee0b56113", "lessThan": "2dba5774e8ed", "versionType": "git"}, {"status": "affected", "version": "bedee0b56113", "lessThan": "987c3ed7297e", "versionType": "git"}, {"status": "affected", "version": "bedee0b56113", "lessThan": "967d3c27127e", "versionType": "git"}], "programFiles": ["net/mptcp/pm_netlink.c", "net/mptcp/subflow.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.0"}, {"status": "unaffected", "version": "0", "lessThan": "6.0", "versionType": "custom"}, {"status": "unaffected", "version": "6.1.81", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.19", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.7", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/mptcp/pm_netlink.c", "net/mptcp/subflow.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/e64148635509bf13eea851986f5a0b150e5bd066"}, {"url": "https://git.kernel.org/stable/c/2dba5774e8ed326a78ad4339d921a4291281ea6e"}, {"url": "https://git.kernel.org/stable/c/987c3ed7297e5661bc7f448f06fc366e497ac9b2"}, {"url": "https://git.kernel.org/stable/c/967d3c27127e71a10ff5c083583a038606431b61"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix data races on remote_id\n\nSimilar to the previous patch, address the data race on\nremote_id, adding the suitable ONCE annotations."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:28:31.057Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27404", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:34:52.192Z", "dateReserved": "2024-02-25T13:47:42.681Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T11:40:21.607Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: mptcp: fix data races on remote_id", "id": "2281125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281125"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmptcp: fix data races on remote_id\nSimilar to the previous patch, address the data race on\nremote_id, adding the suitable ONCE annotations.", "A race condition vulnerability was found in the Linux kernel remote_id function. Successful exploitation of the flaw can result in loss of system availability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-27404", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27404\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27404\nhttps://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-27404-ab54@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 6.1.81, kernel 6.6.19, kernel 6.7.7, kernel 6.8"}