CVE-2024-38596

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-38596

4.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONCE. However, on the reader side, unix_stream_sendmsg() does not read it atomically. Consequently, this issue is causing the following KCSAN splat to occur: BUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg write (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28: unix_release_sock (net/unix/af_unix.c:640) unix_release (net/unix/af_unix.c:1050) sock_close (net/socket.c:659 net/socket.c:1421) __fput (fs/file_table.c:422) __fput_sync (fs/file_table.c:508) __se_sys_close (fs/open.c:1559 fs/open.c:1541) __x64_sys_close (fs/open.c:1541) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) read to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14: unix_stream_sendmsg (net/unix/af_unix.c:2273) __sock_sendmsg (net/socket.c:730 net/socket.c:745) ____sys_sendmsg (net/socket.c:2584) __sys_sendmmsg (net/socket.c:2638 net/socket.c:2724) __x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) value changed: 0x01 -> 0x03 The line numbers are related to commit dd5a440a31fa ("Linux 6.9-rc7"). Commit e1d09c2c2f57 ("af_unix: Fix data races around sk->sk_shutdown.") addressed a comparable issue in the past regarding sk->sk_shutdown. However, it overlooked resolving this particular data path. This patch only offending unix_stream_sendmsg() function, since the other reads seem to be protected by unix_state_lock() as discussed in

References
Link Resource
https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb Patch
https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055 Patch
https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25 Patch
https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c Patch
https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5 Patch
https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9 Patch
https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b Patch
https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe Patch
https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a Patch
https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb Patch
https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055 Patch
https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25 Patch
https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c Patch
https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5 Patch
https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9 Patch
https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b Patch
https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe Patch
https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*
History

04 Nov 2025, 18:16

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -

17 Sep 2025, 21:09

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb - () https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb - Patch
References () https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055 - () https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055 - Patch
References () https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25 - () https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25 - Patch
References () https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c - () https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c - Patch
References () https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5 - () https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5 - Patch
References () https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9 - () https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9 - Patch
References () https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b - () https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b - Patch
References () https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe - () https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe - Patch
References () https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a - () https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a - Patch
First Time Linux
Linux linux Kernel
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.7
CWE CWE-362
CPE cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

21 Nov 2024, 09:26

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb - () https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb -
References () https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055 - () https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055 -
References () https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25 - () https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25 -
References () https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c - () https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c -
References () https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5 - () https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5 -
References () https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9 - () https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9 -
References () https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b - () https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b -
References () https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe - () https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe -
References () https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a - () https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a -

15 Jul 2024, 07:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}

27 Jun 2024, 12:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -

20 Jun 2024, 12:43

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: af_unix: corrige ejecucións de datos en unix_release_sock/unix_stream_sendmsg Se identificó una condición de ejecución de datos en af_unix. En una ruta de datos, la función de escritura unix_release_sock() escribe atómicamente en sk->sk_shutdown usando WRITE_ONCE. Sin embargo, en el lado del lector, unix_stream_sendmsg() no lo lee atómicamente. En consecuencia, este problema está provocando que se produzca el siguiente símbolo de KCSAN: ERROR: KCSAN: data-race en unix_release_sock / unix_stream_sendmsg escribe (marcado) en 0xffff88867256ddbb de 1 byte por tarea 7270 en la CPU 28: unix_release_sock (net/unix/af_unix.c: 640) unix_release (net/unix/af_unix.c:1050) sock_close (net/socket.c:659 net/socket.c:1421) __fput (fs/file_table.c:422) __fput_sync (fs/file_table.c:508 ) __se_sys_close (fs/open.c:1559 fs/open.c:1541) __x64_sys_close (fs/open.c:1541) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/ common.c:?) Entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) leído en 0xffff88867256ddbb de 1 bytes por la tarea 989 en la CPU 14: unix_stream_sendmsg (net/unix/af_unix.c:2273) __sock_sendmsg (net/socket .c:730 net/socket.c:745) ____sys_sendmsg (net/socket.c:2584) __sys_sendmmsg (net/socket.c:2638 net/socket.c:2724) __x64_sys_sendmmsg (net/socket.c:2753 net/ socket.c:2750 net/socket.c:2750) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) Entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64 .S:130) valor cambiado: 0x01 -> 0x03 Los números de línea están relacionados con el commit dd5a440a31fa ("Linux 6.9-rc7"). El commit e1d09c2c2f57 ("af_unix: corregir ejecucións de datos alrededor de sk->sk_shutdown.") abordó un problema comparable en el pasado con respecto a sk->sk_shutdown. Sin embargo, pasó por alto resolver esta ruta de datos en particular. Este parche solo ofende la función unix_stream_sendmsg(), ya que las otras lecturas parecen estar protegidas por unix_state_lock() como se explica en

19 Jun 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-19 14:15

Updated : 2025-11-04 18:16

NVD link : CVE-2024-38596

Mitre link : CVE-2024-38596

CVE.ORG link : CVE-2024-38596

JSON object : View

Products Affected

linux

CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')