CVE-2024-38596 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONCE. However, on the reader side, unix_stream_sendmsg() does not read it atomically. Consequently, this issue is causing the following KCSAN splat to occur: BUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg write (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28: unix_release_sock (net/unix/af_unix.c:640) unix_release (net/unix/af_unix.c:1050) sock_close (net/socket.c:659 net/socket.c:1421) __fput (fs/file_table.c:422) __fput_sync (fs/file_table.c:508) __se_sys_close (fs/open.c:1559 fs/open.c:1541) __x64_sys_close (fs/open.c:1541) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) read to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14: unix_stream_sendmsg (net/unix/af_unix.c:2273) __sock_sendmsg (net/socket.c:730 net/socket.c:745) ____sys_sendmsg (net/socket.c:2584) __sys_sendmmsg (net/socket.c:2638 net/socket.c:2724) __x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) value changed: 0x01 -> 0x03 The line numbers are related to commit dd5a440a31fa ("Linux 6.9-rc7"). Commit e1d09c2c2f57 ("af_unix: Fix data races around sk->sk_shutdown.") addressed a comparable issue in the past regarding sk->sk_shutdown. However, it overlooked resolving this particular data path. This patch only offending unix_stream_sendmsg() function, since the other reads seem to be protected by unix_state_lock() as discussed in

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:5102	2024-08-08T00:00:00Z
kernel-0:4.18.0-553.16.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:5101	2024-08-08T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
kernel-0:4.18.0-372.113.1.el8_6	cpe:/o:redhat:rhel_aus:8.6	RHSA-2024:4902	2024-07-29T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
kernel-0:4.18.0-372.113.1.el8_6	cpe:/o:redhat:rhel_tus:8.6	RHSA-2024:4902	2024-07-29T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
kernel-0:4.18.0-372.113.1.el8_6	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2024:4902	2024-07-29T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kernel-0:4.18.0-477.70.1.el8_8	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:6206	2024-09-03T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.75.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:4823	2024-07-24T00:00:00Z
kernel-rt-0:5.14.0-284.75.1.rt14.360.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:4831	2024-07-24T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
kernel-0:5.14.0-427.44.1.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2024:9546	2024-11-13T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb
https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055
https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25
https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c
https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5
https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9
https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b
https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe
https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a
https://lore.kernel.org/linux-cve-announce/2024061956-CVE-2024-38596-f660@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-38596
https://www.cve.org/CVERecord?id=CVE-2024-38596

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00389}`	epss `{'score': 0.00299}`

Sat, 16 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:9.4

Wed, 13 Nov 2024 02:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9

Tue, 05 Nov 2024 10:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 12 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 06 Sep 2024 13:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_eus:8.8

Thu, 08 Aug 2024 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv cpe:/o:redhat:enterprise_linux:8
Vendors & Products		Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-19T13:45:45.984Z

Updated: 2025-05-04T09:14:55.180Z

Reserved: 2024-06-18T19:36:34.931Z

Link: CVE-2024-38596

Vulnrichment

Updated: 2024-08-02T04:12:26.062Z

NVD

Status : Awaiting Analysis

Published: 2024-06-19T14:15:19.640

Modified: 2024-11-21T09:26:26.643

Link: CVE-2024-38596

Redhat

Severity : Low

Publid Date: 2024-06-19T00:00:00Z

Links: CVE-2024-38596 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-38596", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-18T19:36:34.931Z", "datePublished": "2024-06-19T13:45:45.984Z", "dateUpdated": "2025-05-04T09:14:55.180Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:14:55.180Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix data races in unix_release_sock/unix_stream_sendmsg\n\nA data-race condition has been identified in af_unix. In one data path,\nthe write function unix_release_sock() atomically writes to\nsk->sk_shutdown using WRITE_ONCE. However, on the reader side,\nunix_stream_sendmsg() does not read it atomically. Consequently, this\nissue is causing the following KCSAN splat to occur:\n\n\tBUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg\n\n\twrite (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28:\n\tunix_release_sock (net/unix/af_unix.c:640)\n\tunix_release (net/unix/af_unix.c:1050)\n\tsock_close (net/socket.c:659 net/socket.c:1421)\n\t__fput (fs/file_table.c:422)\n\t__fput_sync (fs/file_table.c:508)\n\t__se_sys_close (fs/open.c:1559 fs/open.c:1541)\n\t__x64_sys_close (fs/open.c:1541)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tread to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14:\n\tunix_stream_sendmsg (net/unix/af_unix.c:2273)\n\t__sock_sendmsg (net/socket.c:730 net/socket.c:745)\n\t____sys_sendmsg (net/socket.c:2584)\n\t__sys_sendmmsg (net/socket.c:2638 net/socket.c:2724)\n\t__x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tvalue changed: 0x01 -> 0x03\n\nThe line numbers are related to commit dd5a440a31fa (\"Linux 6.9-rc7\").\n\nCommit e1d09c2c2f57 (\"af_unix: Fix data races around sk->sk_shutdown.\")\naddressed a comparable issue in the past regarding sk->sk_shutdown.\nHowever, it overlooked resolving this particular data path.\nThis patch only offending unix_stream_sendmsg() function, since the\nother reads seem to be protected by unix_state_lock() as discussed in"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/unix/af_unix.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "fca6072e1a7b1e709ada5604b951513b89b4bd0a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "de6641d213373fbde9bbdd7c4b552254bc9f82fe", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "4d51845d734a4c5d079e56e0916f936a55e15055", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9aa8773abfa0e954136875b4cbf2df4cf638e8a5", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "8299e4d778f664b31b67cf4cf3d5409de2ecb92c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0688d4e499bee3f2749bca27329bd128686230cb", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "a4c88072abcaca593cefe70f90e9d3707526e8f9", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "a52fa2addfcccc2c5a0217fd45562605088c018b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "540bf24fba16b88c1b3b9353927204b4f1074e25", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/unix/af_unix.c"], "versions": [{"version": "2.6.12", "status": "affected"}, {"version": "0", "lessThan": "2.6.12", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.316", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.278", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.219", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.161", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.93", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.33", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.12", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.3", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "4.19.316"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.4.278"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.10.219"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.15.161"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.1.93"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.6.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.8.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.9.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a"}, {"url": "https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe"}, {"url": "https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055"}, {"url": "https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5"}, {"url": "https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c"}, {"url": "https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb"}, {"url": "https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9"}, {"url": "https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b"}, {"url": "https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25"}], "title": "af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:26.062Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38596", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:13:37.376960Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:54.639Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:26.062Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38596", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:13:37.376960Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:26.758Z"}}], "cna": {"title": "af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "fca6072e1a7b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "de6641d21337", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "4d51845d734a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "9aa8773abfa0", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "8299e4d778f6", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "0688d4e499be", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "a4c88072abca", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "a52fa2addfcc", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "540bf24fba16", "versionType": "git"}], "programFiles": ["net/unix/af_unix.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.12"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.12", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.316", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.278", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.219", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.161", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.93", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.33", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.12", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9.3", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/unix/af_unix.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a"}, {"url": "https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe"}, {"url": "https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055"}, {"url": "https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5"}, {"url": "https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c"}, {"url": "https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb"}, {"url": "https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9"}, {"url": "https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b"}, {"url": "https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix data races in unix_release_sock/unix_stream_sendmsg\n\nA data-race condition has been identified in af_unix. In one data path,\nthe write function unix_release_sock() atomically writes to\nsk->sk_shutdown using WRITE_ONCE. However, on the reader side,\nunix_stream_sendmsg() does not read it atomically. Consequently, this\nissue is causing the following KCSAN splat to occur:\n\n\tBUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg\n\n\twrite (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28:\n\tunix_release_sock (net/unix/af_unix.c:640)\n\tunix_release (net/unix/af_unix.c:1050)\n\tsock_close (net/socket.c:659 net/socket.c:1421)\n\t__fput (fs/file_table.c:422)\n\t__fput_sync (fs/file_table.c:508)\n\t__se_sys_close (fs/open.c:1559 fs/open.c:1541)\n\t__x64_sys_close (fs/open.c:1541)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tread to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14:\n\tunix_stream_sendmsg (net/unix/af_unix.c:2273)\n\t__sock_sendmsg (net/socket.c:730 net/socket.c:745)\n\t____sys_sendmsg (net/socket.c:2584)\n\t__sys_sendmmsg (net/socket.c:2638 net/socket.c:2724)\n\t__x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tvalue changed: 0x01 -> 0x03\n\nThe line numbers are related to commit dd5a440a31fa (\"Linux 6.9-rc7\").\n\nCommit e1d09c2c2f57 (\"af_unix: Fix data races around sk->sk_shutdown.\")\naddressed a comparable issue in the past regarding sk->sk_shutdown.\nHowever, it overlooked resolving this particular data path.\nThis patch only offending unix_stream_sendmsg() function, since the\nother reads seem to be protected by unix_state_lock() as discussed in"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:30:35.802Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38596", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:30:35.802Z", "dateReserved": "2024-06-18T19:36:34.931Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-19T13:45:45.984Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix data races in unix_release_sock/unix_stream_sendmsg\n\nA data-race condition has been identified in af_unix. In one data path,\nthe write function unix_release_sock() atomically writes to\nsk->sk_shutdown using WRITE_ONCE. However, on the reader side,\nunix_stream_sendmsg() does not read it atomically. Consequently, this\nissue is causing the following KCSAN splat to occur:\n\n\tBUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg\n\n\twrite (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28:\n\tunix_release_sock (net/unix/af_unix.c:640)\n\tunix_release (net/unix/af_unix.c:1050)\n\tsock_close (net/socket.c:659 net/socket.c:1421)\n\t__fput (fs/file_table.c:422)\n\t__fput_sync (fs/file_table.c:508)\n\t__se_sys_close (fs/open.c:1559 fs/open.c:1541)\n\t__x64_sys_close (fs/open.c:1541)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tread to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14:\n\tunix_stream_sendmsg (net/unix/af_unix.c:2273)\n\t__sock_sendmsg (net/socket.c:730 net/socket.c:745)\n\t____sys_sendmsg (net/socket.c:2584)\n\t__sys_sendmmsg (net/socket.c:2638 net/socket.c:2724)\n\t__x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tvalue changed: 0x01 -> 0x03\n\nThe line numbers are related to commit dd5a440a31fa (\"Linux 6.9-rc7\").\n\nCommit e1d09c2c2f57 (\"af_unix: Fix data races around sk->sk_shutdown.\")\naddressed a comparable issue in the past regarding sk->sk_shutdown.\nHowever, it overlooked resolving this particular data path.\nThis patch only offending unix_stream_sendmsg() function, since the\nother reads seem to be protected by unix_state_lock() as discussed in"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: af_unix: corrige ejecuci\u00f3ns de datos en unix_release_sock/unix_stream_sendmsg Se identific\u00f3 una condici\u00f3n de ejecuci\u00f3n de datos en af_unix. En una ruta de datos, la funci\u00f3n de escritura unix_release_sock() escribe at\u00f3micamente en sk->sk_shutdown usando WRITE_ONCE. Sin embargo, en el lado del lector, unix_stream_sendmsg() no lo lee at\u00f3micamente. En consecuencia, este problema est\u00e1 provocando que se produzca el siguiente s\u00edmbolo de KCSAN: ERROR: KCSAN: data-race en unix_release_sock / unix_stream_sendmsg escribe (marcado) en 0xffff88867256ddbb de 1 byte por tarea 7270 en la CPU 28: unix_release_sock (net/unix/af_unix.c: 640) unix_release (net/unix/af_unix.c:1050) sock_close (net/socket.c:659 net/socket.c:1421) __fput (fs/file_table.c:422) __fput_sync (fs/file_table.c:508 ) __se_sys_close (fs/open.c:1559 fs/open.c:1541) __x64_sys_close (fs/open.c:1541) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/ common.c:?) Entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) le\u00eddo en 0xffff88867256ddbb de 1 bytes por la tarea 989 en la CPU 14: unix_stream_sendmsg (net/unix/af_unix.c:2273) __sock_sendmsg (net/socket .c:730 net/socket.c:745) ____sys_sendmsg (net/socket.c:2584) __sys_sendmmsg (net/socket.c:2638 net/socket.c:2724) __x64_sys_sendmmsg (net/socket.c:2753 net/ socket.c:2750 net/socket.c:2750) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) Entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64 .S:130) valor cambiado: 0x01 -> 0x03 Los n\u00fameros de l\u00ednea est\u00e1n relacionados con el commit dd5a440a31fa (\"Linux 6.9-rc7\"). El commit e1d09c2c2f57 (\"af_unix: corregir ejecuci\u00f3ns de datos alrededor de sk->sk_shutdown.\") abord\u00f3 un problema comparable en el pasado con respecto a sk->sk_shutdown. Sin embargo, pas\u00f3 por alto resolver esta ruta de datos en particular. Este parche solo ofende la funci\u00f3n unix_stream_sendmsg(), ya que las otras lecturas parecen estar protegidas por unix_state_lock() como se explica en"}], "id": "CVE-2024-38596", "lastModified": "2024-11-21T09:26:26.643", "metrics": {}, "published": "2024-06-19T14:15:19.640", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:4902", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.113.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-07-29T00:00:00Z"}, {"advisory": "RHSA-2024:4902", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.113.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-07-29T00:00:00Z"}, {"advisory": "RHSA-2024:4902", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.113.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-07-29T00:00:00Z"}, {"advisory": "RHSA-2024:6206", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.70.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:4823", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.75.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4831", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.75.1.rt14.360.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:9546", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.44.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2024-11-13T00:00:00Z"}], "bugzilla": {"description": "kernel: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg", "id": "2293371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293371"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-362", "details": ["In the Linux kernel, the following vulnerability has been resolved:\naf_unix: Fix data races in unix_release_sock/unix_stream_sendmsg\nA data-race condition has been identified in af_unix. In one data path,\nthe write function unix_release_sock() atomically writes to\nsk->sk_shutdown using WRITE_ONCE. However, on the reader side,\nunix_stream_sendmsg() does not read it atomically. Consequently, this\nissue is causing the following KCSAN splat to occur:\nBUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg\nwrite (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28:\nunix_release_sock (net/unix/af_unix.c:640)\nunix_release (net/unix/af_unix.c:1050)\nsock_close (net/socket.c:659 net/socket.c:1421)\n__fput (fs/file_table.c:422)\n__fput_sync (fs/file_table.c:508)\n__se_sys_close (fs/open.c:1559 fs/open.c:1541)\n__x64_sys_close (fs/open.c:1541)\nx64_sys_call (arch/x86/entry/syscall_64.c:33)\ndo_syscall_64 (arch/x86/entry/common.c:?)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nread to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14:\nunix_stream_sendmsg (net/unix/af_unix.c:2273)\n__sock_sendmsg (net/socket.c:730 net/socket.c:745)\n____sys_sendmsg (net/socket.c:2584)\n__sys_sendmmsg (net/socket.c:2638 net/socket.c:2724)\n__x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750)\nx64_sys_call (arch/x86/entry/syscall_64.c:33)\ndo_syscall_64 (arch/x86/entry/common.c:?)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nvalue changed: 0x01 -> 0x03\nThe line numbers are related to commit dd5a440a31fa (\"Linux 6.9-rc7\").\nCommit e1d09c2c2f57 (\"af_unix: Fix data races around sk->sk_shutdown.\")\naddressed a comparable issue in the past regarding sk->sk_shutdown.\nHowever, it overlooked resolving this particular data path.\nThis patch only offending unix_stream_sendmsg() function, since the\nother reads seem to be protected by unix_state_lock() as discussed in"], "name": "CVE-2024-38596", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38596\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38596\nhttps://lore.kernel.org/linux-cve-announce/2024061956-CVE-2024-38596-f660@gregkh/T"], "threat_severity": "Low"}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object