CVE-2024-26614: tcp: make sure init the accept_queue's spinlocks once

Q: What is the severity of CVE-2024-26614?

CVE-2024-26614 has a medium severity level due to potential exploitation of the corrupted spinlock value leading to system instability.

Q: How do I fix CVE-2024-26614?

To fix CVE-2024-26614, upgrade your Linux kernel to a patched version such as 5.10.210, 5.15.149, 6.1.76, 6.6.15, 6.7.3, or 6.8.

Q: What are the affected Linux kernel versions for CVE-2024-26614?

CVE-2024-26614 affects various Linux kernel versions including those prior to 5.10.210, 5.15.149, 6.1.76, 6.6.15, 6.7.3, and 6.8.

Q: What is the nature of the issue described in CVE-2024-26614?

CVE-2024-26614 describes a vulnerability in the Linux kernel related to uninitialized spinlocks in the accept_queue.

Q: Can CVE-2024-26614 lead to security vulnerabilities?

Yes, CVE-2024-26614 could potentially lead to security vulnerabilities by causing unpredictable behavior in the system due to corrupted lock values.

Published Feb 29, 2024

Updated

In the Linux kernel, the following vulnerability has been resolved:

tcp: make sure init the acceptqueue's spinlocks once

rawspinunlock (kernel/locking/spinlock.c:186) inetcskreqskqueueadd (net/ipv4/inetconnectionsock.c:1321) inetcskcompletehashdance (net/ipv4/inetconnectionsock.c:1358) tcpcheckreq (net/ipv4/tcpminisocks.c:868) tcpv4rcv (net/ipv4/tcpipv4.c:2260) ipprotocoldeliverrcu (net/ipv4/ipinput.c:205) iplocaldeliverfinish (net/ipv4/ipinput.c:234) netifreceiveskbonecore (net/core/dev.c:5529) processbacklog (./include/linux/rcupdate.h:779) napipoll (net/core/dev.c:6533) netrxaction (net/core/dev.c:6604) dosoftirq (./arch/x86/include/asm/jumplabel.h:27) dosoftirq (kernel/softirq.c:454 kernel/softirq.c:441)

localbhenableip (kernel/softirq.c:381) devqueuexmit (net/core/dev.c:4374) ipfinishoutput2 (./include/net/neighbour.h:540 net/ipv4/ipoutput.c:235) ipqueuexmit (net/ipv4/ipoutput.c:535) tcptransmitskb (net/ipv4/tcpoutput.c:1462) tcprcvsynsentstateprocess (net/ipv4/tcpinput.c:6469) tcprcvstateprocess (net/ipv4/tcpinput.c:6657) tcpv4dorcv (net/ipv4/tcpipv4.c:1929) releasesock (./include/net/sock.h:1121 net/core/sock.c:2968) releasesock (net/core/sock.c:3536) inetwaitforconnect (net/ipv4/afinet.c:609) inetstreamconnect (net/ipv4/afinet.c:702) inetstreamconnect (net/ipv4/afinet.c:748) sysconnect (./include/linux/file.h:45 net/socket.c:2064) x64sysconnect (net/socket.c:2073 net/socket.c:2070 net/socket.c:2070) dosyscall64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:82) entrySYSCALL64afterhwframe (arch/x86/entry/entry64.S:129) RIP: 0033:0x7fa10ff05a3d Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ab a3 0e 00 f7 d8 64 89 01 48 RSP: 002b:00007fa110183de8 EFLAGS: 00000202 ORIGRAX: 000000000000002a RAX: ffffffffffffffda RBX: 0000000020000054 RCX: 00007fa10ff05a3d RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003 RBP: 00007fa110183e20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00007fa110184640 R13: 0000000000000000 R14: 00007fa10fe8b060 R15: 00007fff73e23b20

The issue triggering process is analyzed as follows: Thread A Thread B tcpv4rcv //receive ack TCP packet inetshutdown tcpcheckreq tcpdisconnect //disconnect sock ... tcpsetstate(sk, TCPCLOSE) inetcskcompletehashdance ... inetcskreqskqueueadd ---truncated---

Other sources

In the Linux kernel, the following vulnerability has been resolved:

tcp: make sure init the acceptqueue's spinlocks once

When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU: 19 PID: 21160 at pvqueuedspinunlockslowpath (kernel/locking/qspinlockparavirt.h:508) Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:pvqueuedspinunlockslowpath (kernel/locking/qspinlockparavirt.h:508) Code: 73 56 3a ff 90 c3 cc cc cc cc 8b 05 bb 1f 48 01 85 c0 74 05 c3 cc cc cc cc 8b 17 48 89 fe 48 c7 c7 30 20 ce 8f e8 ad 56 42 ff <0f> 0b c3 cc cc cc cc 0f 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffa8d200604cb8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9d1ef60e0908 RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff9d1ef60e0900 RBP: ffff9d181cd5c280 R08: 0000000000000000 R09: 00000000ffff7fff R10: ffffa8d200604b68 R11: ffffffff907dcdc8 R12: 0000000000000000 R13: ffff9d181cd5c660 R14: ffff9d1813a3f330 R15: 0000000000001000 FS: 00007fa110184640(0000) GS:ffff9d1ef60c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000000 CR3: 000000011f65e000 CR4: 00000000000006f0 Call Trace: <IRQ> rawspinunlock (kernel/locking/spinlock.c:186) inetcskreqskqueueadd (net/ipv4/inetconnectionsock.c:1321) inetcskcompletehashdance (net/ipv4/inetconnectionsock.c:1358) tcpcheckreq (net/ipv4/tcpminisocks.c:868) tcpv4rcv (net/ipv4/tcpipv4.c:2260) ipprotocoldeliverrcu (net/ipv4/ipinput.c:205) iplocaldeliverfinish (net/ipv4/ipinput.c:234) netifreceiveskbonecore (net/core/dev.c:5529) processbacklog (./include/linux/rcupdate.h:779) napipoll (net/core/dev.c:6533) netrxaction (net/core/dev.c:6604) dosoftirq (./arch/x86/include/asm/jumplabel.h:27) dosoftirq (kernel/softirq.c:454 kernel/softirq.c:441) </IRQ> <TASK> localbhenableip (kernel/softirq.c:381) devqueuexmit (net/core/dev.c:4374) ipfinishoutput2 (./include/net/neighbour.h:540 net/ipv4/ipoutput.c:235) ipqueuexmit (net/ipv4/ipoutput.c:535) tcptransmitskb (net/ipv4/tcpoutput.c:1462) tcprcvsynsentstateprocess (net/ipv4/tcpinput.c:6469) tcprcvstateprocess (net/ipv4/tcpinput.c:6657) tcpv4dorcv (net/ipv4/tcpipv4.c:1929) releasesock (./include/net/sock.h:1121 net/core/sock.c:2968) releasesock (net/core/sock.c:3536) inetwaitforconnect (net/ipv4/afinet.c:609) inetstreamconnect (net/ipv4/afinet.c:702) inetstreamconnect (net/ipv4/afinet.c:748) sysconnect (./include/linux/file.h:45 net/socket.c:2064) x64sysconnect (net/socket.c:2073 net/socket.c:2070 net/socket.c:2070) dosyscall64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:82) entrySYSCALL64afterhwframe (arch/x86/entry/entry64.S:129) RIP: 0033:0x7fa10ff05a3d Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ab a3 0e 00 f7 d8 64 89 01 48 RSP: 002b:00007fa110183de8 EFLAGS: 00000202 ORIGRAX: 000000000000002a RAX: ffffffffffffffda RBX: 0000000020000054 RCX: 00007fa10ff05a3d RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003 RBP: 00007fa110183e20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00007fa110184640 R13: 0000000000000000 R14: 00007fa10fe8b060 R15: 00007fff73e23b20 </TASK>

— NVD

In the Linux kernel, the following vulnerability has been resolved:

tcp: make sure init the acceptqueue's spinlocks once

The Linux kernel CVE team has assigned CVE-2024-26614 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/20240229155245.1571576-46-lee@kernel.org/T

— Red Hat

Affected Software

18 affected componentsFixes available

Linux Linux kernel>=3.7<5.10.210

Linux Linux kernel>=5.11<5.15.149

Linux Linux kernel>=5.16<6.1.76

Linux Linux kernel>=6.2<6.6.15

Linux Linux kernel>=6.7<6.7.3

Linux Linux kernel=6.8-rc1

Debian Debian Linux=10.0

IBM Security Verify Governance<=ISVG 10.0.2

IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2

IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2

IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2

redhat/kernel<5.10.210

5.10.210

redhat/kernel<5.15.149

5.15.149

redhat/kernel<6.1.76

6.1.76

redhat/kernel<6.6.15

6.6.15

redhat/kernel<6.7.3

6.7.3

redhat/kernel<6.8

6.8

debian/linux

5.10.223-15.10.234-16.1.129-16.1.135-16.12.27-1

Remediation

Event History

Feb 29, 2024

CVE Published

via MITRE·03:52 PM

Data Sourced

via MITRE·03:52 PM

Description

Mar 12, 2024

Data Sourced

via Red Hat·05:18 PM

DescriptionSeverityAffected Software

May 7, 2024

Data Sourced

via Launchpad·08:28 PM

Description

Apr 29, 2025

Data Sourced

via Ubuntu·06:12 AM

RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

IBM-7230443

Frequently Asked Questions

What is the severity of CVE-2024-26614?

CVE-2024-26614 has a medium severity level due to potential exploitation of the corrupted spinlock value leading to system instability.

How do I fix CVE-2024-26614?

To fix CVE-2024-26614, upgrade your Linux kernel to a patched version such as 5.10.210, 5.15.149, 6.1.76, 6.6.15, 6.7.3, or 6.8.

What are the affected Linux kernel versions for CVE-2024-26614?

CVE-2024-26614 affects various Linux kernel versions including those prior to 5.10.210, 5.15.149, 6.1.76, 6.6.15, 6.7.3, and 6.8.

What is the nature of the issue described in CVE-2024-26614?

CVE-2024-26614 describes a vulnerability in the Linux kernel related to uninitialized spinlocks in the accept_queue.

Can CVE-2024-26614 lead to security vulnerabilities?

Yes, CVE-2024-26614 could potentially lead to security vulnerabilities by causing unpredictable behavior in the system due to corrupted lock values.

CVE-2024-26614: tcp: make sure init the accept_queue's spinlocks once

Other sources

Affected Software

Remediation

Patch Available

Patch Available

Patch Available

Patch Available

Patch Available

Patch Available

Event History

Parent advisories

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2024-26614?

How do I fix CVE-2024-26614?

What are the affected Linux kernel versions for CVE-2024-26614?

What is the nature of the issue described in CVE-2024-26614?

Can CVE-2024-26614 lead to security vulnerabilities?

Company

Resources

Contact