
CVE-2024-50034: Vulnerability in Linux (Linux kernel)

Severity: High
Published: Mon Oct 21 2024 (10/21/2024, 19:39:35 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC

Eric reported a panic on IPPROTO_SMC, and gave the facts that when INET_PROTOSW_ICSK was set, icsk->icsk_sync_mss must be set too.

Bug:

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
  ESR = 0x0000000086000005
  EC = 0x21: IABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
user pgtable: 4k pages, 48-bit VAs, pgdp=00000001195d1000
[0000000000000000] pgd=0800000109c46003, p4d=0800000109c46003, pud=0000000000000000
Internal error: Oops: 0000000086000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 UID: 0 PID: 8037 Comm: syz.3.265 Not tainted 6.11.0-rc7-syzkaller-g5f5673607153 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : 0x0
lr : cipso_v4_sock_setattr+0x2a8/0x3c0 net/ipv4/cipso_ipv4.c:1910
sp : ffff80009b887a90
x29: ffff80009b887aa0 x28: ffff80008db94050 x27: 0000000000000000
x26: 1fffe0001aa6f5b3 x25: dfff800000000000 x24: ffff0000db75da00
x23: 0000000000000000 x22: ffff0000d8b78518 x21: 0000000000000000
x20: ffff0000d537ad80 x19: ffff0000d8b78000 x18: 1fffe000366d79ee
x17: ffff8000800614a8 x16: ffff800080569b84 x15: 0000000000000001
x14: 000000008b336894 x13: 00000000cd96feaa x12: 0000000000000003
x11: 0000000000040000 x10: 00000000000020a3 x9 : 1fffe0001b16f0f1
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000002 x1 : 0000000000000000 x0 : ffff0000d8b78000
Call trace:
 0x0
 netlbl_sock_setattr+0x2e4/0x338 net/netlabel/netlabel_kapi.c:1000
 smack_netlbl_add+0xa4/0x154 security/smack/smack_lsm.c:2593
 smack_socket_post_create+0xa8/0x14c security/smack/smack_lsm.c:2973
 security_socket_post_create+0x94/0xd4 security/security.c:4425
 __sock_create+0x4c8/0x884 net/socket.c:1587
 sock_create net/socket.c:1622 [inline]
 __sys_socket_create net/socket.c:1659 [inline]
 __sys_socket+0x134/0x340 net/socket.c:1706
 __do_sys_socket net/socket.c:1720 [inline]
 __se_sys_socket net/socket.c:1718 [inline]
 __arm64_sys_socket+0x7c/0x94 net/socket.c:1718
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
Code: ???????? ???????? ???????? ???????? (????????)
---[ end trace 0000000000000000 ]---

This patch adds a toy implementation that performs a simple return to prevent such a panic. This is because MSS can be set in sock_create_kern or smc_setsockopt, similar to how it's done in AF_SMC. However, for AF_SMC, there is currently no way to synchronize MSS within __sys_connect_file. This toy implementation lays the groundwork for us to support such a feature for IPPROTO_SMC in the future.

AI-Powered Analysis

AI analysis last updated: 06/28/2025, 16:27:38 UTC

Technical Analysis

CVE-2024-50034 is a vulnerability in the Linux kernel's net/smc (Shared Memory Communications) subsystem. When the IPPROTO_SMC protocol is registered with the INET_PROTOSW_ICSK flag, the inet connection socket's icsk->icsk_sync_mss callback is left unset, even though the kernel's convention is that every ICSK protocol must provide it. Any code path that invokes the callback therefore jumps to address 0x0. In the reported trace the call is made from cipso_v4_sock_setattr, reached through the Smack LSM's socket post-create hook during a socket() system call, and the kernel panics with a NULL pointer dereference (reported on arm64 as a level 1 translation fault at virtual address 0). Because the crash takes down the whole kernel, the result is a denial-of-service (DoS) condition. The issue was reported by Eric, who supplied the kernel oops and memory abort information. The patch is a minimal or 'toy' implementation that installs a callback performing a simple return, which prevents the panic and lays the groundwork for future synchronization of MSS (Maximum Segment Size) for IPPROTO_SMC in the way it is already handled for AF_SMC. The report was produced on a 6.11.0-rc7 syzkaller build; other kernel versions containing the affected commits may also be vulnerable. No known exploits have been reported in the wild, and no CVSS score has been assigned yet.
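The invariant the commit message states (a protocol flagged INET_PROTOSW_ICSK must provide icsk_sync_mss) and the shape of the toy fix, modelled as an added userspace example. This is not kernel code and not the patch itself: every struct, function and flag name in it (mock_sock, mock_icsk_ops, PROTOSW_ICSK, tcp_like_sync_mss, smc_like_sync_mss_stub, icsk_ops_valid, sock_setattr_resync, mss_after_resync) is a constructed stand-in, and the MSS arithmetic is illustrative only. It shows the two defensive checks a reviewer would want: a registration-time validation that rejects an ICSK table with an empty slot, and a caller-side guard that refuses to call through a NULL pointer, alongside the stub callback that the fix installs.

```c
/* Added example, not kernel code: a userspace model of the invariant in the
 * commit message ("when INET_PROTOSW_ICSK is set, icsk->icsk_sync_mss must be
 * set too") and of the toy fix. All names below are constructed stand-ins. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define PROTOSW_ICSK 0x1u   /* constructed stand-in for INET_PROTOSW_ICSK */

struct mock_sock {
    unsigned int mss;       /* segment size cached on the socket */
};

/* Stand-in for the per-protocol callback slot on inet_connection_sock. */
struct mock_icsk_ops {
    unsigned int flags;
    unsigned int (*sync_mss)(struct mock_sock *sk, unsigned int pmtu);
};

/* TCP-like behaviour: recompute the MSS from the path MTU (illustrative). */
static unsigned int tcp_like_sync_mss(struct mock_sock *sk, unsigned int pmtu)
{
    sk->mss = pmtu > 40 ? pmtu - 40 : 0;
    return sk->mss;
}

/* Shape of the toy fix: a callback that just returns, so the slot is never
 * NULL for a protocol flagged as ICSK. */
static unsigned int smc_like_sync_mss_stub(struct mock_sock *sk, unsigned int pmtu)
{
    (void)sk;
    (void)pmtu;
    return 0;
}

/* Registration-time check: an ICSK protocol without sync_mss is rejected
 * before any caller can jump through the NULL slot. */
static bool icsk_ops_valid(const struct mock_icsk_ops *ops)
{
    return !(ops->flags & PROTOSW_ICSK) || ops->sync_mss != NULL;
}

/* Caller-side guard in the spirit of the setattr path in the trace:
 * returns -1 instead of calling through a NULL pointer. */
static int sock_setattr_resync(struct mock_sock *sk,
                               const struct mock_icsk_ops *ops,
                               unsigned int pmtu)
{
    if (!(ops->flags & PROTOSW_ICSK))
        return 0;
    if (ops->sync_mss == NULL)
        return -1;
    ops->sync_mss(sk, pmtu);
    return 0;
}

/* The socket's MSS after a resync, or the sentinel (unsigned int)-1 when the
 * resync was refused because the slot was empty. */
static unsigned int mss_after_resync(const struct mock_icsk_ops *ops, unsigned int pmtu)
{
    struct mock_sock sk = { 0 };
    if (sock_setattr_resync(&sk, ops, pmtu) != 0)
        return (unsigned int)-1;
    return sk.mss;
}

/* Constructed protocol tables: TCP-like, SMC-like before the fix (slot left
 * NULL), and SMC-like after the fix (stub installed). */
static const struct mock_icsk_ops tcp_like_ops    = { PROTOSW_ICSK, tcp_like_sync_mss };
static const struct mock_icsk_ops smc_unfixed_ops = { PROTOSW_ICSK, NULL };
static const struct mock_icsk_ops smc_fixed_ops   = { PROTOSW_ICSK, smc_like_sync_mss_stub };

int main(void)
{
    printf("tcp-like table valid:    %d\n", icsk_ops_valid(&tcp_like_ops));
    printf("smc unfixed table valid: %d\n", icsk_ops_valid(&smc_unfixed_ops));
    printf("smc fixed table valid:   %d\n", icsk_ops_valid(&smc_fixed_ops));
    printf("resync, unfixed table:   %u\n", mss_after_resync(&smc_unfixed_ops, 1500));
    printf("resync, fixed table:     %u\n", mss_after_resync(&smc_fixed_ops, 1500));
    printf("resync, tcp-like table:  %u\n", mss_after_resync(&tcp_like_ops, 1500));
    return 0;
}
```

The registration-time check is the one that would have caught this class of bug earliest: a protocol table is validated once, when it is installed, rather than relying on every caller of the slot to remember a NULL check. The stub mirrors what the page describes the fix doing (a simple return), which keeps the slot non-NULL without yet implementing MSS synchronization for IPPROTO_SMC.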

Potential Impact

For European organizations, this vulnerability primarily poses a risk of denial-of-service on Linux-based systems that use the IPPROTO_SMC protocol, which serves high-performance shared memory communications. Systems running affected kernel versions could experience kernel panics and crashes when processing malicious or malformed network traffic targeting this protocol, leading to service outages in critical infrastructure, cloud services, and enterprise environments that rely on Linux servers. Although exploitation requires reaching specific kernel code paths involved in socket creation with IPPROTO_SMC, the impact on availability is significant because the whole system crashes. Confidentiality and integrity impacts are less direct, but could arise if attackers use the DoS condition to disrupt security monitoring or to facilitate further attacks. Given the Linux kernel's widespread use across European data centers, cloud providers, and embedded systems, the vulnerability could affect a broad range of sectors, including finance, telecommunications, and government services.

Mitigation Recommendations

1. Apply the official Linux kernel patch that addresses the icsk_syn_mss handling in the net/smc subsystem as soon as possible. Monitor Linux kernel mailing lists and vendor advisories for updated stable releases incorporating this fix.
2. For organizations unable to patch immediately, consider disabling or restricting the use of the IPPROTO_SMC protocol if it is not essential, to reduce the attack surface.
3. Implement kernel crash monitoring and automated recovery mechanisms to minimize downtime in case of exploitation attempts.
4. Employ network-level filtering to detect and block suspicious traffic patterns targeting the SMC protocol ports or unusual socket creation attempts.
5. Conduct thorough testing of kernel updates in staging environments to ensure stability and compatibility before deployment in production.
6. Maintain an up-to-date inventory of Linux kernel versions in use across the organization to prioritize patching efforts effectively.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-10-21T12:17:06.070Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9824c4522896dcbdfd66

Added to database: 5/21/2025, 9:08:52 AM

Last enriched: 6/28/2025, 4:27:38 PM

Last updated: 8/18/2025, 11:32:24 PM

Views: 13
