CVE-2024-49944

一、漏洞信息
漏洞编号：CVE-2024-49944
漏洞归属组件：kernel
漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0,6.6.0
CVSS V3.0分值：
BaseScore：5.5 Medium
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
漏洞简述：
In the Linux kernel, the following vulnerability has been resolved:sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_startIn sctp_listen_start() invoked by sctp_inet_listen(), it should set thesk_state back to CLOSED if sctp_autobind() fails due to whatever reason.Otherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)->reuseis already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)->bind_hash willbe dereferenced as sk_state is LISTENING, which causes a crash as bind_hashis NULL. KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617 Call Trace: __sys_listen_socket net/socket.c:1883 [inline] __sys_listen+0x1b7/0x230 net/socket.c:1894 __do_sys_listen net/socket.c:1902 [inline]
漏洞公开时间：2024-10-22 02:15:15
漏洞创建时间：2024-10-22 04:24:55
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2024-49944

更多参考(点击展开)

参考来源	参考链接	来源链接
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0e4e2e60556c6ed00e8450b720f106a268d23062
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/7f64cb5b4d8c872296eda0fdce3bcf099eec7aa7
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/89bbead9d897c77d0b566349c8643030ff2abeba
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/8beee4d8dee76b67c75dc91fd8185d91e845c160
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/9230a59eda0878d7ecaa901d876aec76f57bd455
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/dd70c8a89ef99c3d53127fe19e51ef47c3f860fa
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/e7a8442195e8ebd97df467ce4742980ab57edcce
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/e914bf68dab88815a7ae7b7a3a5e8913c8ff14a5
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f032e1dac30b3376c7d6026fb01a8c403c47a80d
suse_bugzilla	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49944	https://bugzilla.suse.com/show_bug.cgi?id=1232166
suse_bugzilla	https://www.cve.org/CVERecord?id=CVE-2024-49944	https://bugzilla.suse.com/show_bug.cgi?id=1232166
suse_bugzilla	https://git.kernel.org/stable/c/7f64cb5b4d8c872296eda0fdce3bcf099eec7aa7	https://bugzilla.suse.com/show_bug.cgi?id=1232166
suse_bugzilla	https://git.kernel.org/stable/c/8beee4d8dee76b67c75dc91fd8185d91e845c160	https://bugzilla.suse.com/show_bug.cgi?id=1232166
suse_bugzilla	https://git.kernel.org/stable/c/9230a59eda0878d7ecaa901d876aec76f57bd455	https://bugzilla.suse.com/show_bug.cgi?id=1232166
suse_bugzilla	https://git.kernel.org/stable/c/dd70c8a89ef99c3d53127fe19e51ef47c3f860fa	https://bugzilla.suse.com/show_bug.cgi?id=1232166
suse_bugzilla	https://git.kernel.org/stable/c/e7a8442195e8ebd97df467ce4742980ab57edcce	https://bugzilla.suse.com/show_bug.cgi?id=1232166
suse_bugzilla	https://git.kernel.org/stable/c/e914bf68dab88815a7ae7b7a3a5e8913c8ff14a5	https://bugzilla.suse.com/show_bug.cgi?id=1232166
suse_bugzilla	https://git.kernel.org/stable/c/f032e1dac30b3376c7d6026fb01a8c403c47a80d	https://bugzilla.suse.com/show_bug.cgi?id=1232166
suse_bugzilla	https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-49944.mbox	https://bugzilla.suse.com/show_bug.cgi?id=1232166
suse_bugzilla	https://bugzilla.redhat.com/show_bug.cgi?id=2320496	https://bugzilla.suse.com/show_bug.cgi?id=1232166
redhat_bugzilla	https://lore.kernel.org/linux-cve-announce/2024102128-CVE-2024-49944-240a@gregkh/T	https://bugzilla.redhat.com/show_bug.cgi?id=2320496
debian		https://security-tracker.debian.org/tracker/CVE-2024-49944
mageia		http://advisories.mageia.org/MGASA-2024-0345.html

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息：

详情(点击展开)

影响的包	修复版本	修复补丁	问题引入补丁	来源
		https://git.kernel.org/stable/c/0e4e2e60556c6ed00e8450b720f106a268d23062		nvd
		https://git.kernel.org/stable/c/7f64cb5b4d8c872296eda0fdce3bcf099eec7aa7		nvd
		https://git.kernel.org/stable/c/89bbead9d897c77d0b566349c8643030ff2abeba		nvd
		https://git.kernel.org/stable/c/8beee4d8dee76b67c75dc91fd8185d91e845c160		nvd
		https://git.kernel.org/stable/c/9230a59eda0878d7ecaa901d876aec76f57bd455		nvd
		https://git.kernel.org/stable/c/dd70c8a89ef99c3d53127fe19e51ef47c3f860fa		nvd
		https://git.kernel.org/stable/c/e7a8442195e8ebd97df467ce4742980ab57edcce		nvd
		https://git.kernel.org/stable/c/e914bf68dab88815a7ae7b7a3a5e8913c8ff14a5		nvd
		https://git.kernel.org/stable/c/f032e1dac30b3376c7d6026fb01a8c403c47a80d		nvd

二、漏洞分析结构反馈
影响性分析说明：
Reserved.
openEuler评分：
5.5
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
受影响版本排查(受影响/不受影响)：
1.openEuler-20.03-LTS-SP4(4.19.90):受影响
2.openEuler-22.03-LTS-SP3(5.10.0):受影响
3.openEuler-22.03-LTS-SP4(5.10.0):受影响
4.openEuler-24.03-LTS(6.6.0):受影响
5.master:不受影响
6.openEuler-24.03-LTS-Next(6.6.0):不受影响
7.openEuler-24.03-LTS-SP1(6.6.0):不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP4(4.19.90):否
2.openEuler-22.03-LTS-SP1(5.10.0):否
3.openEuler-22.03-LTS-SP3(5.10.0):否
4.master:否
5.openEuler-24.03-LTS(6.6.0):否
6.openEuler-24.03-LTS-Next(6.6.0):否
7.openEuler-22.03-LTS-SP4(5.10.0):否
8.openEuler-24.03-LTS-SP1(6.6.0):否

原因说明：
1.openEuler-22.03-LTS-SP3(5.10.0):正常修复
2.openEuler-22.03-LTS-SP4(5.10.0):正常修复
3.openEuler-24.03-LTS(6.6.0):正常修复
4.openEuler-20.03-LTS-SP4(4.19.90):不修复-超出修复范围
5.master:不受影响-漏洞代码不能被攻击者触发
6.openEuler-24.03-LTS-Next(6.6.0):不受影响-漏洞代码不能被攻击者触发
7.openEuler-24.03-LTS-SP1(6.6.0):不受影响-漏洞代码不存在

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1078

Hi openeuler-ci-bot, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.
If you have any questions, please contact the SIG: Kernel, and any of the maintainers.

@yangyingliang ,@jiaoff ,@guohaocs2c ,@hanjun-guo ,@woqidaideshi ,@newbeats ,@zhangyi089 ,@colyli ,@thundertown ,@htforge ,@chiqijun ,@lengchao ,@zhujianwei001 ,@kylin-mayukun ,@wangxiongfeng ,@wkfxxx ,@SuperSix173 ,@jentlestea ,@oskernel0719 ,@gasonchen 
**issue处理注意事项:** 
**1. 当前issue受影响的分支提交pr时, 须在pr描述中填写当前issue编号进行关联, 否则无法关闭当前issue;**
**2. 模板内容需要填写完整, 无论是受影响或者不受影响都需要填写完整内容,未引入的分支不需要填写, 否则无法关闭当前issue;**
**3. 以下为模板中需要填写完整的内容, 请复制到评论区回复, 注: 内容的标题名称(影响性分析说明, openEuler评分, 受影响版本排查(受影响/不受影响), 修复是否涉及abi变化(是/否))不能省略,省略后cve-manager将无法正常解析填写内容.**
************************************************************************
影响性分析说明:

openEuler评分: (评分和向量)

受影响版本排查(受影响/不受影响): 
1.master(6.6.0):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP1(5.10.0):
4.openEuler-22.03-LTS-SP3(5.10.0):
5.openEuler-22.03-LTS-SP4(5.10.0):
6.openEuler-24.03-LTS(6.6.0):
7.openEuler-24.03-LTS-Next(6.6.0):

修复是否涉及abi变化(是/否)：
1.master(6.6.0):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP1(5.10.0):
4.openEuler-22.03-LTS-SP3(5.10.0):
5.openEuler-22.03-LTS-SP4(5.10.0):
6.openEuler-24.03-LTS(6.6.0):
7.openEuler-24.03-LTS-Next(6.6.0):

-----------------------------------------------------------------------
issue处理具体操作请参考: 
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
pr关联issue具体操作请参考:
https://gitee.com/help/articles/4142

CVE-2024-49944

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start

In sctp_listen_start() invoked by sctp_inet_listen(), it should set the
sk_state back to CLOSED if sctp_autobind() fails due to whatever reason.

Otherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)->reuse
is already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)->bind_hash will
be dereferenced as sk_state is LISTENING, which causes a crash as bind_hash
is NULL.

KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617
Call Trace:

__sys_listen_socket net/socket.c:1883 [inline]
__sys_listen+0x1b7/0x230 net/socket.c:1894
__do_sys_listen net/socket.c:1902 [inline]

openEuler评分:(评分和向量)
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP4:受影响
2.openEuler-22.03-LTS-SP1:受影响
3.openEuler-22.03-LTS-SP3:受影响
4.openEuler-22.03-LTS-SP4:受影响
5.master(6.1.0):不受影响
6.openEuler-24.03-LTS:受影响
7.openEuler-24.03-LTS-Next:不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP4:否
2.openEuler-22.03-LTS-SP1:否
3.openEuler-22.03-LTS-SP3:否
4.master(6.1.0):否
5.openEuler-24.03-LTS:否
6.openEuler-24.03-LTS-Next:否
7.openEuler-22.03-LTS-SP4:否