CVE-2024-42271: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

net/iucv: fix use after free in iucv_sock_close()

iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path (or it is already removed / never existed). This needs to be done with atomic compare and swap, otherwise there is a small window where iucv_sock_close() will try to work with a path that has already been severed and freed by iucv_callback_connrej() called by iucv_tasklet_fn().

Example:

[452744.123844] Call Trace:
[452744.123845] ([<0000001e87f03880>] 0x1e87f03880)
[452744.123966] [<00000000d593001e>] iucv_path_sever+0x96/0x138
[452744.124330] [<000003ff801ddbca>] iucv_sever_path+0xc2/0xd0 [af_iucv]
[452744.124336] [<000003ff801e01b6>] iucv_sock_close+0xa6/0x310 [af_iucv]
[452744.124341] [<000003ff801e08cc>] iucv_sock_release+0x3c/0xd0 [af_iucv]
[452744.124345] [<00000000d574794e>] __sock_release+0x5e/0xe8
[452744.124815] [<00000000d5747a0c>] sock_close+0x34/0x48
[452744.124820] [<00000000d5421642>] __fput+0xba/0x268
[452744.124826] [<00000000d51b382c>] task_work_run+0xbc/0xf0
[452744.124832] [<00000000d5145710>] do_notify_resume+0x88/0x90
[452744.124841] [<00000000d5978096>] system_call+0xe2/0x2c8
[452744.125319] Last Breaking-Event-Address:
[452744.125321] [<00000000d5930018>] iucv_path_sever+0x90/0x138
[452744.125324]
[452744.125325] Kernel panic - not syncing: Fatal exception in interrupt

Note that bh_lock_sock() is not serializing the tasklet context against process context, because the check for sock_owned_by_user() and corresponding handling is missing.

Ideas for a future clean-up patch:
A) Correct usage of bh_lock_sock() in tasklet context, as described in Re-enqueue, if needed. This may require adding return values to the tasklet functions and thus changes to all users of iucv.
B) Change iucv tasklet into worker and use only lock_sock() in af_iucv.
AI Analysis
Technical Summary
CVE-2024-42271 is a use-after-free vulnerability in the Linux kernel's IUCV (Inter-User Communication Vehicle) socket implementation, specifically within the iucv_sock_close() function. The vulnerability arises due to improper synchronization when severing the IUCV path. The iucv_sever_path() function is invoked from both process context and bottom half (bh) context, but the code does not use atomic operations correctly to manage the iucv->path pointer. This pointer acts as an indicator of whether the path is currently being severed or has already been removed. Without atomic compare-and-swap operations, a race condition occurs where iucv_sock_close() may attempt to access a path that has already been freed by iucv_callback_connrej(), which is called asynchronously by the iucv_tasklet_fn() tasklet. This leads to a use-after-free scenario, which can cause kernel panics or fatal exceptions, as demonstrated by the provided kernel call trace. The root cause is the lack of proper serialization between the tasklet context and process context, specifically the missing check and handling for sock_owned_by_user() in the bottom half context. The vulnerability could lead to system instability or denial of service through kernel crashes. Proposed future fixes include correcting the use of bh_lock_sock() in tasklet context or converting the tasklet into a worker thread that uses lock_sock(), thereby ensuring proper locking and serialization. This vulnerability affects Linux kernel versions identified by the given commit hashes and is relevant to systems using the af_iucv networking subsystem, which is primarily used on IBM Z mainframe architectures.
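The check-then-act window described above, shown as a userspace C11 model; this is an added example, not kernel code and not the upstream patch. The struct and function names are hypothetical, the interleaving is forced by hand rather than raced, and a C11 compare-exchange stands in for the atomic compare and swap the description calls for.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Userspace model with hypothetical names; not kernel code. */
struct model_path { int freed, stale_uses; };
struct model_sock { _Atomic(struct model_path *) path; };
/* Stand-in for "sever and free": counts misuse instead of crashing. */
static void sever_and_free(struct model_path *p) {
    p->stale_uses += p->freed;   /* the kernel would touch freed memory here */
    p->freed = 1;
}

/* Racy pattern, second step: act on a pointer that was read earlier. */
static void racy_act(struct model_sock *sk, struct model_path *seen) {
    if (!seen)
        return;
    atomic_store(&sk->path, NULL);
    sever_and_free(seen);
}

/* Fixed pattern: test and reset are one atomic step; the winner owns the path. */
static void fixed_sever(struct model_sock *sk) {
    struct model_path *p = atomic_load(&sk->path);
    while (p && !atomic_compare_exchange_weak(&sk->path, &p, NULL))
        ;                        /* a failed CAS reloads p; retry */
    if (p)
        sever_and_free(p);
}

/* Two contexts tear down one socket; returns uses of already-freed memory. */
int run_teardown(int fixed) {
    struct model_path path = {0, 0};
    struct model_sock sk;
    atomic_init(&sk.path, &path);
    if (fixed) {
        fixed_sever(&sk);            /* tasklet context wins the claim */
        fixed_sever(&sk);            /* process context gets NULL, does nothing */
    } else {                         /* both contexts read before either acts */
        struct model_path *seen_close = atomic_load(&sk.path);
        struct model_path *seen_bh = atomic_load(&sk.path);
        racy_act(&sk, seen_bh);      /* connrej callback severs and frees */
        racy_act(&sk, seen_close);   /* close path works on the stale pointer */
    }
    return path.stale_uses;
}

int main(void) {
    printf("stale uses: racy=%d fixed=%d\n", run_teardown(0), run_teardown(1));
    return 0;
}
```

In the fixed pattern there is no separate read step to interleave, so the second caller can only observe NULL.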
Potential Impact
For European organizations, the impact of CVE-2024-42271 depends largely on their use of Linux systems running the affected kernel versions and specifically those utilizing the IUCV subsystem. The IUCV protocol is mainly used on IBM Z mainframes, which are common in large enterprises, financial institutions, and government agencies for critical workloads. Exploitation of this vulnerability could lead to kernel panics and denial of service, disrupting critical services and potentially causing operational downtime. While there is no indication of remote exploitation or privilege escalation, the instability caused by kernel crashes could affect availability of key systems. Organizations relying on IBM Z Linux environments for transaction processing, data centers, or cloud infrastructure could face significant operational risks. Additionally, the lack of known exploits in the wild reduces immediate threat but does not eliminate risk, especially for high-value targets. The vulnerability's impact on confidentiality and integrity is limited, but availability impact is medium to high due to potential system crashes. European sectors such as banking, telecommunications, and government that use IBM Z Linux systems should be particularly attentive.
Mitigation Recommendations
1. Immediate application of the official Linux kernel patches that address this vulnerability once available is critical. Monitor Linux kernel mailing lists and vendor advisories for updates.
2. For organizations using IBM Z mainframes with Linux, verify kernel versions and update to patched versions promptly.
3. Implement rigorous kernel update policies and test patches in staging environments before production deployment to avoid unintended disruptions.
4. Consider disabling or limiting use of the af_iucv subsystem if it is not required, reducing the attack surface.
5. Enhance monitoring for kernel panics and unusual system crashes that could indicate exploitation attempts.
6. Employ kernel hardening techniques and ensure that system call filtering and access controls are in place to limit potential attack vectors.
7. Coordinate with hardware and Linux distribution vendors to ensure timely receipt of patches and mitigation guidance.
8. For critical environments, consider isolating IBM Z Linux workloads or applying additional runtime protections to mitigate risk until patches are applied.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Switzerland, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-07-30T07:40:12.260Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9828c4522896dcbe1dbd
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 6:40:28 AM
Last updated: 8/11/2025, 8:50:01 PM