
CVE-2024-36484: Vulnerability in Linux Linux

Medium
Published: Fri Jun 21 2024 (06/21/2024, 10:18:09 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

net: relax socket state check at accept time.

Christoph reported the following splat:

    WARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 __inet_accept+0x1f4/0x4a0
    Modules linked in:
    CPU: 1 PID: 772 Comm: syz-executor510 Not tainted 6.9.0-rc7-g7da7119fe22b #56
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
    RIP: 0010:__inet_accept+0x1f4/0x4a0 net/ipv4/af_inet.c:759
    Code: 04 38 84 c0 0f 85 87 00 00 00 41 c7 04 24 03 00 00 00 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ec b7 da fd <0f> 0b e9 7f fe ff ff e8 e0 b7 da fd 0f 0b e9 fe fe ff ff 89 d9 80
    RSP: 0018:ffffc90000c2fc58 EFLAGS: 00010293
    RAX: ffffffff836bdd14 RBX: 0000000000000000 RCX: ffff888104668000
    RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
    RBP: dffffc0000000000 R08: ffffffff836bdb89 R09: fffff52000185f64
    R10: dffffc0000000000 R11: fffff52000185f64 R12: dffffc0000000000
    R13: 1ffff92000185f98 R14: ffff88810754d880 R15: ffff8881007b7800
    FS: 000000001c772880(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007fb9fcf2e178 CR3: 00000001045d2002 CR4: 0000000000770ef0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    PKRU: 55555554
    Call Trace:
    <TASK>
    inet_accept+0x138/0x1d0 net/ipv4/af_inet.c:786
    do_accept+0x435/0x620 net/socket.c:1929
    __sys_accept4_file net/socket.c:1969 [inline]
    __sys_accept4+0x9b/0x110 net/socket.c:1999
    __do_sys_accept net/socket.c:2016 [inline]
    __se_sys_accept net/socket.c:2013 [inline]
    __x64_sys_accept+0x7d/0x90 net/socket.c:2013
    do_syscall_x64 arch/x86/entry/common.c:52 [inline]
    do_syscall_64+0x58/0x100 arch/x86/entry/common.c:83
    entry_SYSCALL_64_after_hwframe+0x76/0x7e
    RIP: 0033:0x4315f9
    Code: fd ff 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab b4 fd ff c3 66 2e 0f 1f 84 00 00 00 00
    RSP: 002b:00007ffdb26d9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
    RAX: ffffffffffffffda RBX: 0000000000400300 RCX: 00000000004315f9
    RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
    RBP: 00000000006e1018 R08: 0000000000400300 R09: 0000000000400300
    R10: 0000000000400300 R11: 0000000000000246 R12: 0000000000000000
    R13: 000000000040cdf0 R14: 000000000040ce80 R15: 0000000000000055
    </TASK>

The reproducer invokes shutdown() before entering the listener status. After commit 94062790aedb ("tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets"), the above causes the child to reach the accept syscall in FIN_WAIT1 status.

Eric noted we can relax the existing assertion in __inet_accept()

AI-Powered Analysis

AI analysis last updated: 06/28/2025, 03:40:12 UTC

Technical Analysis

CVE-2024-36484 is a vulnerability identified in the Linux kernel's networking subsystem, specifically within the IPv4 socket handling code in the __inet_accept() function. The issue arises due to an overly strict socket state check during the accept() system call, which can lead to a kernel warning and potential system instability or crash (kernel panic). The root cause is related to the handling of TCP sockets that are in the FIN_WAIT1 state when accept() is called. This condition can occur when shutdown() is invoked on a socket before it fully transitions to the listening state, particularly after the commit 94062790aedb which deferred shutdown for TCP_SYN_RECV sockets. The vulnerability manifests as a kernel warning (splat) triggered by an assertion failure in __inet_accept(), indicating that the socket state does not meet expected conditions. While no direct exploit in the wild is reported, the vulnerability could be triggered by local processes invoking accept() on sockets in unexpected states, potentially leading to denial of service through kernel crashes or instability. The fix involves relaxing the assertion in __inet_accept() to accommodate the new TCP socket state transitions introduced by the deferred shutdown commit, thereby preventing the kernel panic. This vulnerability affects multiple Linux kernel versions as identified by specific commit hashes, including recent mainline and possibly some distribution kernels based on those commits. No CVSS score is assigned yet, and no known exploits have been observed in the wild.

Potential Impact

For European organizations, the primary impact of CVE-2024-36484 is the risk of denial of service (DoS) on Linux-based servers and infrastructure due to kernel panics triggered by malformed or unexpected socket state transitions during network connection handling. Many European enterprises, government agencies, and service providers rely heavily on Linux servers for critical applications, web services, and network infrastructure. A kernel crash can lead to service outages, data unavailability, and operational disruption. Although this vulnerability does not appear to allow privilege escalation or remote code execution, the resulting instability could be exploited by local attackers or malicious software to disrupt services. Systems running custom or legacy applications that manipulate socket states or use shutdown() and accept() calls in non-standard ways may be particularly susceptible. Additionally, embedded Linux devices and network appliances used in European industrial, telecommunications, and critical infrastructure sectors might be affected if they use vulnerable kernel versions. The absence of known exploits reduces immediate risk, but the vulnerability's presence in the Linux kernel codebase means that timely patching is essential to prevent potential DoS attacks.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernel to versions that include the fix for CVE-2024-36484. Since the vulnerability is related to kernel code, applying official kernel patches or upgrading to the latest stable kernel releases that incorporate the relaxed socket state check is the most effective mitigation. For environments where immediate kernel upgrades are challenging, organizations should audit and monitor applications that perform socket shutdown and accept operations, ensuring they follow standard socket lifecycle practices to avoid triggering the vulnerable code path. Implementing kernel crash monitoring and automated reboot mechanisms can reduce downtime in case of unexpected panics. Additionally, organizations should review and limit local user permissions to prevent unprivileged users from invoking potentially harmful socket operations. Network segmentation and strict access controls can reduce the risk of local exploitation. Finally, maintaining up-to-date intrusion detection systems and monitoring kernel logs for warning messages related to __inet_accept() can help detect attempts to trigger this vulnerability.
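One way to do the kernel-log monitoring recommended above, as an added example that is not part of the original page or of the kernel project: it scans dmesg-style lines for WARN splats raised from `__inet_accept`, extracts the task and kernel release, and reports whether `kernel.panic_on_warn` is set, the sysctl that turns any WARN into a panic. The function names and the sample lines (constructed from the splat in the description, plus an unrelated `example_fn` warning) are assumptions.

```python
import re
from pathlib import Path

# Header of a kernel WARN splat: "WARNING: CPU: 1 PID: 772 at file.c:761 symbol+0x1f4/0x4a0"
WARN_RE = re.compile(
    r"WARNING: CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) at "
    r"(?P<src>\S+):(?P<line>\d+) (?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+"
)
# Follow-up line naming the task and the kernel release.
TASK_RE = re.compile(r"Comm: (?P<comm>\S+) (?:Not tainted|Tainted: .*?) (?P<release>\S+) #")

def find_inet_accept_warnings(lines, symbol="__inet_accept", lookahead=5):
    """Return one dict per WARN splat raised from `symbol`."""
    lines = list(lines)
    hits = []
    for i, text in enumerate(lines):
        m = WARN_RE.search(text)
        if not m or m["sym"] != symbol:
            continue
        hit = {"cpu": int(m["cpu"]), "pid": int(m["pid"]),
               "source": f'{m["src"]}:{m["line"]}', "comm": None, "release": None}
        for follow in lines[i + 1 : i + 1 + lookahead]:
            if WARN_RE.search(follow):  # next splat starts: stop, do not borrow its task line
                break
            t = TASK_RE.search(follow)
            if t:
                hit["comm"], hit["release"] = t["comm"], t["release"]
                break
        hits.append(hit)
    return hits

def warn_is_fatal(sysctl="/proc/sys/kernel/panic_on_warn"):
    """True if the kernel is configured to panic on any WARN (panic_on_warn=1)."""
    p = Path(sysctl)
    return p.exists() and p.read_text().strip() == "1"

# Constructed sample: dmesg-style lines built from the splat quoted in the description,
# plus one unrelated warning (hypothetical example_fn) that must not match.
SAMPLE = [
    "[  101.000001] WARNING: CPU: 0 PID: 55 at fs/example.c:10 example_fn+0x10/0x20",
    "[  212.345678] WARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 __inet_accept+0x1f4/0x4a0",
    "[  212.345700] Modules linked in:",
    "[  212.345720] CPU: 1 PID: 772 Comm: syz-executor510 Not tainted 6.9.0-rc7-g7da7119fe22b #56",
]

if __name__ == "__main__":
    for hit in find_inet_accept_warnings(SAMPLE):
        print(hit, "panic_on_warn:", warn_is_fatal())
```

Feed it the output of `dmesg` or the kernel journal split into lines; a hit on a host where `warn_is_fatal()` is true means the warning would have taken the machine down.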


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-06-21T10:12:11.494Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9821c4522896dcbddd26

Added to database: 5/21/2025, 9:08:49 AM

Last enriched: 6/28/2025, 3:40:12 AM

Last updated: 8/5/2025, 7:02:52 PM
