{ "containers": { "cna": { "providerMetadata": { "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start\n\nIn sctp_listen_start() invoked by sctp_inet_listen(), it should set the\nsk_state back to CLOSED if sctp_autobind() fails due to whatever reason.\n\nOtherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)->reuse\nis already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)->bind_hash will\nbe dereferenced as sk_state is LISTENING, which causes a crash as bind_hash\nis NULL.\n\n KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617\n Call Trace:\n \n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]" } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "net/sctp/socket.c" ], "versions": [ { "version": "5e8f3f703ae4", "lessThan": "dd70c8a89ef9", "status": "affected", "versionType": "git" }, { "version": "5e8f3f703ae4", "lessThan": "e7a8442195e8", "status": "affected", "versionType": "git" }, { "version": "5e8f3f703ae4", "lessThan": "9230a59eda08", "status": "affected", "versionType": "git" }, { "version": "5e8f3f703ae4", "lessThan": "7f64cb5b4d8c", "status": "affected", "versionType": "git" }, { "version": "5e8f3f703ae4", "lessThan": "f032e1dac30b", "status": "affected", "versionType": "git" }, { "version": "5e8f3f703ae4", "lessThan": "e914bf68dab8", "status": "affected", "versionType": "git" }, { "version": "5e8f3f703ae4", "lessThan": "8beee4d8dee7", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "net/sctp/socket.c" ], "versions": [ { "version": "2.6.30", "status": "affected" }, { "version": "0", "lessThan": "2.6.30", "status": "unaffected", "versionType": "custom" }, { "version": "5.10.227", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.15.168", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.1.113", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.6.55", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.10.14", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.11.3", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.12-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/dd70c8a89ef99c3d53127fe19e51ef47c3f860fa" }, { "url": "https://git.kernel.org/stable/c/e7a8442195e8ebd97df467ce4742980ab57edcce" }, { "url": "https://git.kernel.org/stable/c/9230a59eda0878d7ecaa901d876aec76f57bd455" }, { "url": "https://git.kernel.org/stable/c/7f64cb5b4d8c872296eda0fdce3bcf099eec7aa7" }, { "url": "https://git.kernel.org/stable/c/f032e1dac30b3376c7d6026fb01a8c403c47a80d" }, { "url": "https://git.kernel.org/stable/c/e914bf68dab88815a7ae7b7a3a5e8913c8ff14a5" }, { "url": "https://git.kernel.org/stable/c/8beee4d8dee76b67c75dc91fd8185d91e845c160" } ], "title": "sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start", "x_generator": { "engine": "bippy-c9c4e1df01b2" } } }, "cveMetadata": { "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", "cveID": "CVE-2024-49944", "requesterUserId": "gregkh@kernel.org", "serial": "1", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }