CVE-2024-49864: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix a race between socket set up and I/O thread creation

In rxrpc_open_socket(), it sets up the socket and then sets up the I/O thread that will handle it. This is a problem, however, as there's a gap between the two phases in which a packet may come into rxrpc_encap_rcv() from the UDP packet but we oops when trying to wake the not-yet created I/O thread.

As a quick fix, just make rxrpc_encap_rcv() discard the packet if there's no I/O thread yet.

A better, but more intrusive fix would perhaps be to rearrange things such that the socket creation is done by the I/O thread.
AI Analysis
Technical Summary
CVE-2024-49864 is a race condition in the Linux kernel's rxrpc protocol implementation, between the setup of a socket and the creation of its associated I/O thread. In rxrpc_open_socket(), the socket is initialized first, and the I/O thread responsible for handling incoming packets is created afterwards. If a UDP packet arrives in the gap between these two steps and triggers rxrpc_encap_rcv(), the kernel attempts to wake an I/O thread that has not yet been created. The result is a kernel oops (a type of kernel crash), leading to potential denial of service or system instability.

The immediate fix discards any packet that arrives before the I/O thread is ready, which prevents the crash but may drop legitimate packets. A more robust, albeit more intrusive, solution would restructure the code so that socket creation is performed within the I/O thread, eliminating the race condition entirely.

This vulnerability affects Linux kernel versions identified by the commit hash a275da62e8c111b897b9cb73eb91df2f4e475ca5 and has been publicly disclosed as of October 21, 2024. No known exploits are currently reported in the wild. The vulnerability is specific to the rxrpc protocol, which is used primarily for remote procedure calls over UDP in certain Linux environments.
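An added illustration, not kernel code and not the upstream patch: a single-threaded user-space model of the ordering problem and of the quick fix described above. The `model_*` names, `replay()` and the result enum are hypothetical, and the pre-fix path reports the NULL wake-up instead of performing it.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for kernel objects; none of these names are kernel APIs. */
struct model_thread { unsigned int wakeups; };
struct model_local {
    struct model_thread *io_thread; /* NULL until the I/O thread has been created */
    unsigned int queued, discarded;
};
enum rx_result { RX_QUEUED, RX_DISCARDED, RX_WOULD_OOPS };

/* Receive hook. guarded == false models the pre-fix path (unconditional wake-up),
 * guarded == true models the quick fix (discard while there is no I/O thread). */
static enum rx_result model_encap_rcv(struct model_local *local, bool guarded)
{
    struct model_thread *t = local->io_thread; /* read once, then test the copy */
    if (t == NULL) {
        if (!guarded)
            return RX_WOULD_OOPS;  /* kernel: wake-up of a thread that is not there */
        local->discarded++;        /* quick fix: drop the packet and return */
        return RX_DISCARDED;
    }
    local->queued++;
    t->wakeups++;
    return RX_QUEUED;
}

/* Replays the order of events from the description: socket set up, a packet
 * in the gap, I/O thread created, a second packet. Returns the in-gap result. */
static enum rx_result replay(struct model_local *local, struct model_thread *t,
                             bool guarded, enum rx_result *after_thread)
{
    enum rx_result in_gap = model_encap_rcv(local, guarded); /* socket up, no thread */
    local->io_thread = t;                                    /* thread now exists */
    *after_thread = model_encap_rcv(local, guarded);
    return in_gap;
}

int main(void)
{
    static const char *const name[] = { "queued", "discarded", "would oops" };
    for (int guarded = 0; guarded <= 1; guarded++) {
        struct model_thread t = { 0 };
        struct model_local local = { 0 };
        enum rx_result after, gap = replay(&local, &t, guarded, &after);
        printf("guarded=%d: gap=%s after=%s\n", guarded, name[gap], name[after]);
    }
}
```

The guarded run shows the trade-off the summary mentions: the in-gap packet is counted as discarded rather than queued, while packets that arrive once the thread exists are handled normally.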
Potential Impact
For European organizations, the impact of CVE-2024-49864 primarily involves potential system instability or denial of service on Linux systems utilizing the rxrpc protocol. While rxrpc is not as widely used as other protocols, it is employed in specific enterprise and telecommunications environments, including some distributed systems and legacy applications. Successful exploitation could cause kernel crashes, leading to service interruptions, which may affect critical infrastructure or services relying on affected Linux systems. Confidentiality and integrity impacts are minimal since the vulnerability causes a crash rather than unauthorized access or data manipulation. However, availability is significantly impacted due to the kernel oops. Organizations running Linux kernels with the affected versions and using rxrpc could experience unexpected downtime, impacting business continuity and operational reliability. Given the lack of known exploits, the immediate risk is moderate, but the vulnerability should be addressed promptly to avoid potential exploitation, as attackers may develop techniques to trigger the race condition.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Apply the latest Linux kernel patches that address CVE-2024-49864 as soon as they become available from their Linux distribution vendors.
2) If patching is delayed, consider disabling the rxrpc protocol if it is not required for operational purposes, thereby eliminating the attack surface.
3) Monitor kernel logs for any unusual oops or crash reports related to rxrpc_encap_rcv(), which may indicate attempted exploitation or system instability.
4) Implement robust system monitoring and automated recovery mechanisms to minimize downtime in case of kernel crashes.
5) Engage with Linux distribution security advisories and subscribe to relevant security mailing lists to stay informed about updates and potential exploit developments.
6) For environments where rxrpc is critical, consider testing the impact of the patch in staging before deployment to ensure compatibility and stability.
7) Evaluate network-level controls to limit exposure of UDP ports associated with rxrpc to untrusted networks, reducing the likelihood of malicious packet injection triggering the race condition.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-10-21T12:17:06.017Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9825c4522896dcbe07ed
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 8:55:08 PM
Last updated: 7/26/2025, 4:36:21 AM