CVE-2024-36905
Vulnerability Scoring
Analysis In Progress
CVE-2024-36905
Attack Complexity Details
-
Attack Complexity:
Attack Complexity Analysis In Progress
-
Attack Vector:
Attack Vector Under Analysis
-
Privileges Required:
None
No authentication is required for exploitation.
-
Scope:
Impact is confined to the initially vulnerable component.
-
User Interaction:
None
No user interaction is necessary for exploitation.
CVE-2024-36905 Details
Status: Awaiting Analysis
Last updated: 🕔 14 Jan 2025, 17:15 UTC
Originally published on: 🕓 30 May 2024, 16:15 UTC
Time between publication and last update: 229 days
CVSS Release:
CVSS3 Source
134c704f-9b21-4f2e-91b3-4a467353bcc0
CVSS3 Type
Secondary
CVSS3 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2024-36905 Vulnerability Summary
CVE-2024-36905: In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by zero in tcp_rcv_space_adjust() A socket makes the following state transitions, without ever calling tcp_init_transfer(), meaning tcp_init_buffer_space() is also not called. TCP_CLOSE connect() TCP_SYN_SENT TCP_SYN_RECV shutdown() -> tcp_shutdown(sk, SEND_SHUTDOWN) TCP_FIN_WAIT1 To fix this issue, change tcp_shutdown() to not perform a TCP_SYN_RECV -> TCP_FIN_WAIT1 transition, which makes no sense anyway. When tcp_rcv_state_process() later changes socket state from TCP_SYN_RECV to TCP_ESTABLISH, then look at sk->sk_shutdown to finally enter TCP_FIN_WAIT1 state, and send a FIN packet from a sane socket state. This means tcp_send_fin() can now be called from BH context, and must use GFP_ATOMIC allocations. [1] divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 1 PID: 5084 Comm: syz-executor358 Not tainted 6.9.0-rc6-syzkaller-00022-g98369dccd2f8 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:tcp_rcv_space_adjust+0x2df/0x890 net/ipv4/tcp_input.c:767 Code: e3 04 4c 01 eb 48 8b 44 24 38 0f b6 04 10 84 c0 49 89 d5 0f 85 a5 03 00 00 41 8b 8e c8 09 00 00 89 e8 29 c8 48 0f af c3 31 d2 <48> f7 f1 48 8d 1c 43 49 8d 96 76 08 00 00 48 89 d0 48 c1 e8 03 48 RSP: 0018:ffffc900031ef3f0 EFLAGS: 00010246 RAX: 0c677a10441f8f42 RBX: 000000004fb95e7e RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000027d4b11f R08: ffffffff89e535a4 R09: 1ffffffff25e6ab7 R10: dffffc0000000000 R11: ffffffff8135e920 R12: ffff88802a9f8d30 R13: dffffc0000000000 R14: ffff88802a9f8d00 R15: 1ffff1100553f2da FS: 00005555775c0380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1155bf2304 CR3: 000000002b9f2000 CR4: 0000000000350ef0 Call Trace: <TASK> tcp_recvmsg_locked+0x106d/0x25a0 net/ipv4/tcp.c:2513 tcp_recvmsg+0x25d/0x920 net/ipv4/tcp.c:2578 inet6_recvmsg+0x16a/0x730 net/ipv6/af_inet6.c:680 sock_recvmsg_nosec net/socket.c:1046 [inline] sock_recvmsg+0x109/0x280 net/socket.c:1068 ____sys_recvmsg+0x1db/0x470 net/socket.c:2803 ___sys_recvmsg net/socket.c:2845 [inline] do_recvmmsg+0x474/0xae0 net/socket.c:2939 __sys_recvmmsg net/socket.c:3018 [inline] __do_sys_recvmmsg net/socket.c:3041 [inline] __se_sys_recvmmsg net/socket.c:3034 [inline] __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3034 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7faeb6363db9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffcc1997168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faeb6363db9 RDX: 0000000000000001 RSI: 0000000020000bc0 RDI: 0000000000000005 RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000001c R10: 0000000000000122 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
Assessing the Risk of CVE-2024-36905
Access Complexity Graph
The exploitability of CVE-2024-36905 depends on two key factors: attack complexity (the level of effort required to execute an exploit) and privileges required (the access level an attacker needs).
Exploitability Analysis for CVE-2024-36905
CVE-2024-36905 presents an accessible attack vector with minimal effort required. Restricting access controls and implementing security updates are critical to reducing exploitation risks.
Understanding AC and PR
A lower complexity and fewer privilege requirements make exploitation easier. Security teams should evaluate these aspects to determine the urgency of mitigation strategies, such as patch management and access control policies.
Attack Complexity (AC) measures the difficulty in executing an exploit. A high AC means that specific conditions must be met, making an attack more challenging, while a low AC means the vulnerability can be exploited with minimal effort.
Privileges Required (PR) determine the level of system access necessary for an attack. Vulnerabilities requiring no privileges are more accessible to attackers, whereas high privilege requirements limit exploitation to authorized users with elevated access.
CVSS Score Breakdown Chart
Above is the CVSS Sub-score Breakdown for CVE-2024-36905, illustrating how Base, Impact, and Exploitability factors combine to form the overall severity rating. A higher sub-score typically indicates a more severe or easier-to-exploit vulnerability.
CIA Impact Analysis
Below is the Impact Analysis for CVE-2024-36905, showing how Confidentiality, Integrity, and Availability might be affected if the vulnerability is exploited. Higher values usually signal greater potential damage.
-
Confidentiality:
None
CVE-2024-36905 does not compromise confidentiality.
-
Integrity:
None
CVE-2024-36905 does not impact data integrity.
-
Availability:
None
CVE-2024-36905 does not affect system availability.
Exploit Prediction Scoring System (EPSS)
The EPSS score estimates the probability that this vulnerability will be exploited in the near future.
EPSS Score: 0.044% (probability of exploit)
EPSS Percentile: 15.73%
(lower percentile = lower relative risk)
This vulnerability is less risky than approximately 84.27% of others.
CVE-2024-36905 References
External References
- https://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4
- https://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270
- https://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1
- https://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485
- https://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f
- https://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf
- https://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214
- https://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4
- https://www.openwall.com/lists/oss-security/2024/10/29/1
- http://www.openwall.com/lists/oss-security/2024/10/29/1
- http://www.openwall.com/lists/oss-security/2024/10/30/1
- http://www.openwall.com/lists/oss-security/2024/11/12/4
- http://www.openwall.com/lists/oss-security/2024/11/12/5
- http://www.openwall.com/lists/oss-security/2024/11/12/6
- https://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4
- https://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270
- https://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1
- https://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485
- https://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f
- https://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf
- https://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214
- https://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4
- https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://security.netapp.com/advisory/ntap-20240905-0005/
- https://access.redhat.com/security/cve/cve-2024-36905
- https://alas.aws.amazon.com/cve/html/CVE-2024-36905.html
- https://github.com/cisagov/vulnrichment/issues/130
- https://www.openwall.com/lists/oss-security/2024/11/12/4
CWE Common Weakness Enumeration
Unknown
Protect Your Infrastructure against CVE-2024-36905: Combat Critical CVE Threats
Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.
Other 5 Recently Published CVEs Vulnerabilities
- CVE-2024-43107 – Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) ...
- CVE-2024-41724 – Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. Thi...
- CVE-2025-2133 – A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/ind...
- CVE-2025-2132 – A vulnerability classified as critical has been found in ftcms 2.1. Affected is an unknown function of the file /admin/index.php/web/ajax_all_lists...
- CVE-2025-2131 – A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the comp...