CVE-2024-50293 in Linuxinfo

Summary

by MITRE • 11/19/2024

In the Linux kernel, the following vulnerability has been resolved:

net/smc: do not leave a dangling sk pointer in __smc_create()

Thanks to commit 4bbd360a5084 ("socket: Print pf->create() when it does not clear sock->sk on failure."), syzbot found an issue with AF_SMC:

smc_create must clear sock->sk on failure, family: 43, type: 1, protocol: 0 WARNING: CPU: 0 PID: 5827 at net/socket.c:1565 __sock_create+0x96f/0xa30 net/socket.c:1563 Modules linked in: CPU: 0 UID: 0 PID: 5827 Comm: syz-executor259 Not tainted 6.12.0-rc6-next-20241106-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:__sock_create+0x96f/0xa30 net/socket.c:1563 Code: 03 00 74 08 4c 89 e7 e8 4f 3b 85 f8 49 8b 34 24 48 c7 c7 40 89 0c 8d 8b 54 24 04 8b 4c 24 0c 44 8b 44 24 08 e8 32 78 db f7 90 0b 90 90 e9 d3 fd ff ff 89 e9 80 e1 07 fe c1 38 c1 0f 8c ee f7 RSP: 0018:ffffc90003e4fda0 EFLAGS: 00010246 RAX: 099c6f938c7f4700 RBX: 1ffffffff1a595fd RCX: ffff888034823c00 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00000000ffffffe9 R08: ffffffff81567052 R09: 1ffff920007c9f50 R10: dffffc0000000000 R11: fffff520007c9f51 R12: ffffffff8d2cafe8 R13: 1ffffffff1a595fe R14: ffffffff9a789c40 R15: ffff8880764298c0 FS: 000055557b518380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa62ff43225 CR3: 0000000031628000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: sock_create net/socket.c:1616 [inline]
__sys_socket_create net/socket.c:1653 [inline]
__sys_socket+0x150/0x3c0 net/socket.c:1700 __do_sys_socket net/socket.c:1714 [inline]
__se_sys_socket net/socket.c:1712 [inline]

For reference, see commit 2d859aff775d ("Merge branch 'do-not-leave-dangling-sk-pointers-in-pf-create-functions'")

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 10/02/2025

The vulnerability identified as CVE-2024-50293 resides within the Linux kernel's socket management subsystem, specifically affecting the SMC (Scalable Memory Communication) protocol implementation. This flaw manifests as a dangling socket pointer issue in the __smc_create() function, which can lead to unpredictable behavior and potential security risks. The problem was uncovered through automated testing using syzbot, a fuzzer designed to identify kernel-level issues, and was subsequently traced back to a specific kernel commit that introduced stricter validation of socket creation functions.

The technical root cause of this vulnerability stems from the improper handling of socket pointers during the creation process in the AF_SMC family of sockets. When the smc_create function fails to properly initialize or clear the sock->sk pointer, it leaves behind a dangling reference that can be exploited by malicious actors. This behavior violates fundamental socket programming principles and can result in memory corruption, information disclosure, or denial of service conditions. The kernel's socket creation mechanism, as evidenced by the stack trace pointing to __sock_create+0x96f/0xa30 in net/socket.c at line 1563, demonstrates that the failure occurs during the core socket establishment process where proper cleanup should occur.

This vulnerability has significant operational impact on systems relying on SMC protocol for high-performance communication, particularly in data center environments where such protocols are commonly used for inter-process communication. The dangling pointer issue can lead to system instability, crashes, or potential privilege escalation if exploited by an attacker with access to the system. According to CWE guidelines, this corresponds to CWE-415: Double Free, as the improper handling of socket pointers can result in undefined behavior similar to memory management errors. The ATT&CK framework categorizes this under T1068: Exploitation for Privilege Escalation, as the vulnerability could potentially be leveraged to gain elevated system privileges.

Mitigation strategies for CVE-2024-50293 involve applying the upstream kernel fix that ensures proper clearing of sock->sk pointers on failure within the smc_create function. System administrators should prioritize updating to kernel versions that include the fix referenced in commit 4bbd360a5084 and the broader merge commit 2d859aff775d that addresses similar issues across multiple protocol families. Additionally, monitoring for unusual socket creation patterns and implementing proper kernel hardening measures can help detect potential exploitation attempts. Organizations should also consider disabling SMC protocol if it's not required for their specific use cases, as this provides an immediate reduction of attack surface. The fix specifically addresses the pattern where protocol families must clear sock->sk on failure, aligning with established kernel security best practices and preventing the class of vulnerabilities that could arise from improper pointer management in socket creation functions.

Responsible

Linux

Reservation

10/21/2024

Disclosure

11/19/2024

Moderation

accepted

CPE

ready

EPSS

0.00213

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!