CVE-2024-38596

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONCE. However, on the reader side, unix_stream_sendmsg() does not read it atomically. Consequently, this issue is causing the following KCSAN splat to occur: BUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg write (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28: unix_release_sock (net/unix/af_unix.c:640) unix_release (net/unix/af_unix.c:1050) sock_close (net/socket.c:659 net/socket.c:1421) __fput (fs/file_table.c:422) __fput_sync (fs/file_table.c:508) __se_sys_close (fs/open.c:1559 fs/open.c:1541) __x64_sys_close (fs/open.c:1541) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) read to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14: unix_stream_sendmsg (net/unix/af_unix.c:2273) __sock_sendmsg (net/socket.c:730 net/socket.c:745) ____sys_sendmsg (net/socket.c:2584) __sys_sendmmsg (net/socket.c:2638 net/socket.c:2724) __x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) value changed: 0x01 -> 0x03 The line numbers are related to commit dd5a440a31fa ("Linux 6.9-rc7"). Commit e1d09c2c2f57 ("af_unix: Fix data races around sk->sk_shutdown.") addressed a comparable issue in the past regarding sk->sk_shutdown. However, it overlooked resolving this particular data path. This patch only offending unix_stream_sendmsg() function, since the other reads seem to be protected by unix_state_lock() as discussed in

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb	Patch
https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055	Patch
https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25	Patch
https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c	Patch
https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5	Patch
https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9	Patch
https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b	Patch
https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe	Patch
https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a	Patch
https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb	Patch
https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055	Patch
https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25	Patch
https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c	Patch
https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5	Patch
https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9	Patch
https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b	Patch
https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe	Patch
https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:-::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc5::::::

History

17 Sep 2025, 21:09

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:-::::::
First Time		Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb -~~	() https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb - Patch
References	~~() https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055 -~~	() https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055 - Patch
References	~~() https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25 -~~	() https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25 - Patch
References	~~() https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c -~~	() https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c - Patch
References	~~() https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5 -~~	() https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5 - Patch
References	~~() https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9 -~~	() https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9 - Patch
References	~~() https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b -~~	() https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b - Patch
References	~~() https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe -~~	() https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe - Patch
References	~~() https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a -~~	() https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a - Patch
CWE		CWE-362
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.7

21 Nov 2024, 09:26

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb -~~	() https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb -
References	~~() https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055 -~~	() https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055 -
References	~~() https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25 -~~	() https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25 -
References	~~() https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c -~~	() https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c -
References	~~() https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5 -~~	() https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5 -
References	~~() https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9 -~~	() https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9 -
References	~~() https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b -~~	() https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b -
References	~~() https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe -~~	() https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe -
References	~~() https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a -~~	() https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a -

15 Jul 2024, 07:15

Type	Values Removed	Values Added
References	~~{'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}~~

27 Jun 2024, 12:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -

20 Jun 2024, 12:43

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: af_unix: corrige ejecucións de datos en unix_release_sock/unix_stream_sendmsg Se identificó una condición de ejecución de datos en af_unix. En una ruta de datos, la función de escritura unix_release_sock() escribe atómicamente en sk->sk_shutdown usando WRITE_ONCE. Sin embargo, en el lado del lector, unix_stream_sendmsg() no lo lee atómicamente. En consecuencia, este problema está provocando que se produzca el siguiente símbolo de KCSAN: ERROR: KCSAN: data-race en unix_release_sock / unix_stream_sendmsg escribe (marcado) en 0xffff88867256ddbb de 1 byte por tarea 7270 en la CPU 28: unix_release_sock (net/unix/af_unix.c: 640) unix_release (net/unix/af_unix.c:1050) sock_close (net/socket.c:659 net/socket.c:1421) __fput (fs/file_table.c:422) __fput_sync (fs/file_table.c:508 ) __se_sys_close (fs/open.c:1559 fs/open.c:1541) __x64_sys_close (fs/open.c:1541) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/ common.c:?) Entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) leído en 0xffff88867256ddbb de 1 bytes por la tarea 989 en la CPU 14: unix_stream_sendmsg (net/unix/af_unix.c:2273) __sock_sendmsg (net/socket .c:730 net/socket.c:745) ____sys_sendmsg (net/socket.c:2584) __sys_sendmmsg (net/socket.c:2638 net/socket.c:2724) __x64_sys_sendmmsg (net/socket.c:2753 net/ socket.c:2750 net/socket.c:2750) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) Entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64 .S:130) valor cambiado: 0x01 -> 0x03 Los números de línea están relacionados con el commit dd5a440a31fa ("Linux 6.9-rc7"). El commit e1d09c2c2f57 ("af_unix: corregir ejecucións de datos alrededor de sk->sk_shutdown.") abordó un problema comparable en el pasado con respecto a sk->sk_shutdown. Sin embargo, pasó por alto resolver esta ruta de datos en particular. Este parche solo ofende la función unix_stream_sendmsg(), ya que las otras lecturas parecen estar protegidas por unix_state_lock() como se explica en

19 Jun 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-19 14:15

Updated : 2025-09-17 21:09

NVD link : CVE-2024-38596

Mitre link : CVE-2024-38596

CVE.ORG link : CVE-2024-38596

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

4.7 /10