- Vulnerability/
- CVE-2024-57791
CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data
First published: Sat Jan 11 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: net/smc: check return value of sock_recvmsg when draining clc data When receiving clc msg, the field length in smc_clc_msg_hdr indicates the length of msg should be received from network and the value should not be fully trusted as it is from the network. Once the value of length exceeds the value of buflen in function smc_clc_wait_msg it may run into deadloop when trying to drain the remaining data exceeding buflen. This patch checks the return value of sock_recvmsg when draining data in case of deadloop in draining.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| debian/linux | <=5.10.223-1 | 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/6b80924af6216277892d5f091f5bfc7d1265fa28
- https://git.kernel.org/stable/c/7a6927814b4256d603e202ae7c5e38db3b338896
- https://git.kernel.org/stable/c/82c7ad9ca09975aae737abffd66d1ad98874c13d
- https://git.kernel.org/stable/c/c5b8ee5022a19464783058dc6042e8eefa34e8cd
- https://git.kernel.org/stable/c/d7d1f986ebb284b1db8dafca7d1bdb6dd2445cf6
- https://git.kernel.org/stable/c/df3dfe1a93c6298d8c09a18e4fba19ef5b17763b
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57791
- https://nvd.nist.gov/vuln/detail/CVE-2024-57791
- https://launchpad.net/bugs/cve/CVE-2024-57791
- https://security-tracker.debian.org/tracker/CVE-2024-57791
- https://ubuntu.com/security/CVE-2024-57791
- https://git.kernel.org/linus/c5b8ee5022a19464783058dc6042e8eefa34e8cd
Frequently Asked Questions
What is the severity of CVE-2024-57791?
The severity of CVE-2024-57791 is classified based on its impact on the Linux kernel's handling of socket messages.
How do I fix CVE-2024-57791?
To fix CVE-2024-57791, you should update your Linux kernel to the latest version where this vulnerability has been patched.
What systems are affected by CVE-2024-57791?
CVE-2024-57791 affects the Linux kernel used in various Linux distributions.
What type of vulnerability is CVE-2024-57791?
CVE-2024-57791 is a vulnerability related to improper handling of socket message reception in the Linux kernel.
Is there a workaround for CVE-2024-57791?
Currently, the recommended approach for CVE-2024-57791 is to apply the relevant updates rather than relying on a workaround.
- agent/severity
- agent/title
- agent/first-publish-date
- agent/type
- collector/nvd-api
- source/NVD
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/nvd-cve
- collector/launchpad-cve
- source/Launchpad
- agent/description
- agent/references
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- package-manager/debian