CVE-2024-47709: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). syzbot reported a warning in bcm_release(). [0] The blamed change fixed another warning that is triggered when connect() is issued again for a socket whose connect()ed device has been unregistered. However, if the socket is just close()d without the 2nd connect(), the remaining bo->bcm_proc_read triggers unnecessary remove_proc_entry() in bcm_release(). Let's clear bo->bcm_proc_read after remove_proc_entry() in bcm_notify(). [0] name '4986' WARNING: CPU: 0 PID: 5234 at fs/proc/generic.c:711 remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711 Modules linked in: CPU: 0 UID: 0 PID: 5234 Comm: syz-executor606 Not tainted 6.11.0-rc5-syzkaller-00178-g5517ae241919 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 RIP: 0010:remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711 Code: ff eb 05 e8 cb 1e 5e ff 48 8b 5c 24 10 48 c7 c7 e0 f7 aa 8e e8 2a 38 8e 09 90 48 c7 c7 60 3a 1b 8c 48 89 de e8 da 42 20 ff 90 <0f> 0b 90 90 48 8b 44 24 18 48 c7 44 24 40 0e 36 e0 45 49 c7 04 07 RSP: 0018:ffffc9000345fa20 EFLAGS: 00010246 RAX: 2a2d0aee2eb64600 RBX: ffff888032f1f548 RCX: ffff888029431e00 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000345fb08 R08: ffffffff8155b2f2 R09: 1ffff1101710519a R10: dffffc0000000000 R11: ffffed101710519b R12: ffff888011d38640 R13: 0000000000000004 R14: 0000000000000000 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fcfb52722f0 CR3: 000000000e734000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> bcm_release+0x250/0x880 net/can/bcm.c:1578 __sock_release net/socket.c:659 [inline] sock_close+0xbc/0x240 net/socket.c:1421 __fput+0x24a/0x8a0 fs/file_table.c:422 task_work_run+0x24f/0x310 kernel/task_work.c:228 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0xa2f/0x27f0 kernel/exit.c:882 do_group_exit+0x207/0x2c0 kernel/exit.c:1031 __do_sys_exit_group kernel/exit.c:1042 [inline] __se_sys_exit_group kernel/exit.c:1040 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040 x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fcfb51ee969 Code: Unable to access opcode bytes at 0x7fcfb51ee93f. RSP: 002b:00007ffce0109ca8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fcfb51ee969 RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 RBP: 00007fcfb526f3b0 R08: ffffffffffffffb8 R09: 0000555500000000 R10: 0000555500000000 R11: 0000000000000246 R12: 00007fcfb526f3b0 R13: 0000000000000000 R14: 00007fcfb5271ee0 R15: 00007fcfb51bf160 </TASK>
AI Analysis
Technical Summary
CVE-2024-47709 addresses a vulnerability in the Linux kernel's CAN (Controller Area Network) BCM (Broadcast Manager) subsystem. The issue arises from improper handling of the bcm_proc_read pointer after the removal of a proc filesystem entry via remove_proc_entry(). Specifically, a previous fix intended to address warnings triggered when a connect() call is issued again on a socket whose connected device has been unregistered inadvertently introduced a new problem. If the socket is closed without a second connect() call, the bcm_proc_read pointer remains uncleared, causing an unnecessary invocation of remove_proc_entry() during bcm_release(). This can lead to a kernel warning or potentially undefined behavior due to double removal or use-after-free conditions in the proc filesystem interface. The vulnerability was reported by syzbot, an automated kernel fuzzer, which detected warnings during bcm_release(). The fix involves explicitly clearing the bcm_proc_read pointer after remove_proc_entry() in the bcm_notify() function to prevent repeated removal attempts. This vulnerability affects multiple Linux kernel versions, including recent mainline releases, as indicated by the affected commit hashes. While no known exploits are reported in the wild, the flaw could cause kernel instability or denial of service (DoS) through kernel warnings or crashes triggered by socket operations on CAN BCM sockets. The vulnerability does not appear to allow privilege escalation or arbitrary code execution directly but may impact system availability and reliability, especially on systems utilizing CAN BCM sockets for communication.
Potential Impact
For European organizations, the impact of CVE-2024-47709 primarily concerns systems that use Linux kernels with CAN BCM support, which is common in embedded systems, automotive, industrial control, and IoT devices. Organizations in sectors such as automotive manufacturing, industrial automation, transportation, and critical infrastructure may be affected if their Linux-based systems rely on CAN BCM sockets. The vulnerability could lead to kernel warnings or crashes, resulting in denial of service conditions that disrupt operations or degrade system reliability. In safety-critical environments, such as automotive or industrial control systems, unexpected kernel faults could have cascading effects on operational safety and availability. Although no direct exploitation for privilege escalation is known, the potential for system instability necessitates prompt patching to maintain operational continuity. European organizations with Linux-based infrastructure, especially those deploying custom or embedded Linux kernels with CAN support, should assess their exposure and prioritize remediation to avoid service interruptions or safety risks.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2024-47709 as soon as they become available from trusted sources or Linux distribution vendors. 2. For embedded or custom Linux systems, rebuild and deploy updated kernel versions incorporating the fix. 3. Audit systems using CAN BCM sockets to identify those potentially affected, focusing on automotive, industrial, and IoT devices. 4. Implement monitoring for kernel warnings or unusual socket behavior related to CAN BCM to detect potential exploitation or instability. 5. Limit access to CAN BCM socket interfaces to trusted processes and users to reduce the risk of triggering the vulnerability. 6. In environments where patching is delayed, consider temporary mitigations such as disabling CAN BCM socket usage if feasible, or isolating affected systems to minimize impact. 7. Maintain up-to-date kernel versions and subscribe to security advisories from Linux kernel maintainers and distribution vendors to promptly address similar vulnerabilities.
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Sweden, Finland, Belgium, Poland, Spain
CVE-2024-47709: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). syzbot reported a warning in bcm_release(). [0] The blamed change fixed another warning that is triggered when connect() is issued again for a socket whose connect()ed device has been unregistered. However, if the socket is just close()d without the 2nd connect(), the remaining bo->bcm_proc_read triggers unnecessary remove_proc_entry() in bcm_release(). Let's clear bo->bcm_proc_read after remove_proc_entry() in bcm_notify(). [0] name '4986' WARNING: CPU: 0 PID: 5234 at fs/proc/generic.c:711 remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711 Modules linked in: CPU: 0 UID: 0 PID: 5234 Comm: syz-executor606 Not tainted 6.11.0-rc5-syzkaller-00178-g5517ae241919 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 RIP: 0010:remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711 Code: ff eb 05 e8 cb 1e 5e ff 48 8b 5c 24 10 48 c7 c7 e0 f7 aa 8e e8 2a 38 8e 09 90 48 c7 c7 60 3a 1b 8c 48 89 de e8 da 42 20 ff 90 <0f> 0b 90 90 48 8b 44 24 18 48 c7 44 24 40 0e 36 e0 45 49 c7 04 07 RSP: 0018:ffffc9000345fa20 EFLAGS: 00010246 RAX: 2a2d0aee2eb64600 RBX: ffff888032f1f548 RCX: ffff888029431e00 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000345fb08 R08: ffffffff8155b2f2 R09: 1ffff1101710519a R10: dffffc0000000000 R11: ffffed101710519b R12: ffff888011d38640 R13: 0000000000000004 R14: 0000000000000000 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fcfb52722f0 CR3: 000000000e734000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> bcm_release+0x250/0x880 net/can/bcm.c:1578 __sock_release net/socket.c:659 [inline] sock_close+0xbc/0x240 net/socket.c:1421 __fput+0x24a/0x8a0 fs/file_table.c:422 task_work_run+0x24f/0x310 kernel/task_work.c:228 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0xa2f/0x27f0 kernel/exit.c:882 do_group_exit+0x207/0x2c0 kernel/exit.c:1031 __do_sys_exit_group kernel/exit.c:1042 [inline] __se_sys_exit_group kernel/exit.c:1040 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040 x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fcfb51ee969 Code: Unable to access opcode bytes at 0x7fcfb51ee93f. RSP: 002b:00007ffce0109ca8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fcfb51ee969 RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 RBP: 00007fcfb526f3b0 R08: ffffffffffffffb8 R09: 0000555500000000 R10: 0000555500000000 R11: 0000000000000246 R12: 00007fcfb526f3b0 R13: 0000000000000000 R14: 00007fcfb5271ee0 R15: 00007fcfb51bf160 </TASK>
AI-Powered Analysis
Technical Analysis
CVE-2024-47709 addresses a vulnerability in the Linux kernel's CAN (Controller Area Network) BCM (Broadcast Manager) subsystem. The issue arises from improper handling of the bcm_proc_read pointer after the removal of a proc filesystem entry via remove_proc_entry(). Specifically, a previous fix intended to address warnings triggered when a connect() call is issued again on a socket whose connected device has been unregistered inadvertently introduced a new problem. If the socket is closed without a second connect() call, the bcm_proc_read pointer remains uncleared, causing an unnecessary invocation of remove_proc_entry() during bcm_release(). This can lead to a kernel warning or potentially undefined behavior due to double removal or use-after-free conditions in the proc filesystem interface. The vulnerability was reported by syzbot, an automated kernel fuzzer, which detected warnings during bcm_release(). The fix involves explicitly clearing the bcm_proc_read pointer after remove_proc_entry() in the bcm_notify() function to prevent repeated removal attempts. This vulnerability affects multiple Linux kernel versions, including recent mainline releases, as indicated by the affected commit hashes. While no known exploits are reported in the wild, the flaw could cause kernel instability or denial of service (DoS) through kernel warnings or crashes triggered by socket operations on CAN BCM sockets. The vulnerability does not appear to allow privilege escalation or arbitrary code execution directly but may impact system availability and reliability, especially on systems utilizing CAN BCM sockets for communication.
Potential Impact
For European organizations, the impact of CVE-2024-47709 primarily concerns systems that use Linux kernels with CAN BCM support, which is common in embedded systems, automotive, industrial control, and IoT devices. Organizations in sectors such as automotive manufacturing, industrial automation, transportation, and critical infrastructure may be affected if their Linux-based systems rely on CAN BCM sockets. The vulnerability could lead to kernel warnings or crashes, resulting in denial of service conditions that disrupt operations or degrade system reliability. In safety-critical environments, such as automotive or industrial control systems, unexpected kernel faults could have cascading effects on operational safety and availability. Although no direct exploitation for privilege escalation is known, the potential for system instability necessitates prompt patching to maintain operational continuity. European organizations with Linux-based infrastructure, especially those deploying custom or embedded Linux kernels with CAN support, should assess their exposure and prioritize remediation to avoid service interruptions or safety risks.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2024-47709 as soon as they become available from trusted sources or Linux distribution vendors. 2. For embedded or custom Linux systems, rebuild and deploy updated kernel versions incorporating the fix. 3. Audit systems using CAN BCM sockets to identify those potentially affected, focusing on automotive, industrial, and IoT devices. 4. Implement monitoring for kernel warnings or unusual socket behavior related to CAN BCM to detect potential exploitation or instability. 5. Limit access to CAN BCM socket interfaces to trusted processes and users to reduce the risk of triggering the vulnerability. 6. In environments where patching is delayed, consider temporary mitigations such as disabling CAN BCM socket usage if feasible, or isolating affected systems to minimize impact. 7. Maintain up-to-date kernel versions and subscribe to security advisories from Linux kernel maintainers and distribution vendors to promptly address similar vulnerabilities.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-09-30T16:00:12.947Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9825c4522896dcbe0592
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 7:55:06 PM
Last updated: 8/4/2025, 2:26:41 PM
Views: 18
Related Threats
CVE-2025-52621: CWE-346 Origin Validation Error in HCL Software BigFix SaaS Remediate
MediumCVE-2025-52620: CWE-20 Improper Input Validation in HCL Software BigFix SaaS Remediate
MediumCVE-2025-52619: CWE-209 Generation of Error Message Containing Sensitive Information in HCL Software BigFix SaaS Remediate
MediumCVE-2025-52618: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in HCL Software BigFix SaaS Remediate
MediumCVE-2025-43201: An app may be able to unexpectedly leak a user's credentials in Apple Apple Music Classical for Android
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.