CVE-2024-50294 in Linuxinfo

Summary

by MITRE • 11/19/2024

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix missing locking causing hanging calls

If a call gets aborted (e.g. because kafs saw a signal) between it being queued for connection and the I/O thread picking up the call, the abort will be prioritised over the connection and it will be removed from local->new_client_calls by rxrpc_disconnect_client_call() without a lock being held. This may cause other calls on the list to disappear if a race occurs.

Fix this by taking the client_call_lock when removing a call from whatever list its ->wait_link happens to be on.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 10/02/2025

The vulnerability identified as CVE-2024-50294 resides within the Linux kernel's rxrpc subsystem, specifically addressing a critical race condition that can lead to system hangs and potential denial of service scenarios. This flaw manifests in the remote execution of RPC calls over the network, where the kernel's handling of client call management contains a fundamental synchronization issue that compromises system stability and reliability.

The technical root cause of this vulnerability stems from inadequate locking mechanisms during the removal of client calls from internal data structures. When a call undergoes abortion due to external signals or kernel-level interruptions such as those triggered by kafs, the system attempts to remove the call from the local->new_client_calls list through the rxrpc_disconnect_client_call() function. However, this removal operation occurs without proper acquisition of the client_call_lock, creating a window where concurrent operations can interfere with the list management. The flaw specifically occurs when a call is aborted between the time it is queued for connection and when an I/O thread processes it, leading to a scenario where the abort operation takes precedence over normal connection processing.

This race condition creates a particularly dangerous situation where multiple concurrent operations can corrupt the linked list structure containing client calls, potentially causing other legitimate calls to disappear from the processing queue without proper cleanup. The absence of proper locking means that when the abort operation occurs without synchronization, it can inadvertently affect the integrity of the entire call list, leading to unpredictable behavior and system hangs. The vulnerability essentially allows for a form of memory corruption where the list traversal becomes invalid due to concurrent modification without proper synchronization primitives.

The operational impact of this vulnerability extends beyond simple system instability, as it can result in complete system hangs where the kernel becomes unresponsive to further RPC calls. Attackers who can trigger the specific race condition may exploit this to cause denial of service conditions, particularly in environments where the rxrpc subsystem handles critical network operations or where multiple concurrent RPC calls are common. The vulnerability affects systems running Linux kernels that implement the rxrpc networking protocol, which is commonly used in distributed computing environments and network file systems where remote procedure calls are prevalent.

Mitigation strategies for CVE-2024-50294 involve ensuring that all kernel updates are applied promptly, as the fix requires proper locking mechanism implementation. The resolution addresses the issue by implementing the client_call_lock when removing calls from their respective lists, preventing concurrent access to the call management structures. Organizations should prioritize patching their Linux kernel versions to include this fix, which aligns with the principles of secure coding practices outlined in CWE-362, which specifically addresses race conditions and improper locking. This vulnerability also demonstrates the importance of proper synchronization mechanisms in kernel space operations, similar to the considerations found in ATT&CK technique T1499.004 for network denial of service attacks that exploit system resource management flaws. The fix ensures that all modifications to the client call lists are properly synchronized, preventing the corruption of data structures that could lead to system instability or complete hang conditions.

Responsible

Linux

Reservation

10/21/2024

Disclosure

11/19/2024

Moderation

accepted

CPE

ready

EPSS

0.00161

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!