CVE-2024-41007

tcp: avoid too many retransmit packets

Severity Score

3.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

tcp: avoid too many retransmit packets

If a TCP socket is using TCP_USER_TIMEOUT, and the other peer
retracted its window to zero, tcp_retransmit_timer() can
retransmit a packet every two jiffies (2 ms for HZ=1000),
for about 4 minutes after TCP_USER_TIMEOUT has 'expired'.

The fix is to make sure tcp_rtx_probe0_timed_out() takes
icsk->icsk_user_timeout into account.

Before blamed commit, the socket would not timeout after
icsk->icsk_user_timeout, but would use standard exponential
backoff for the retransmits.

Also worth noting that before commit e89688e3e978 ("net: tcp:
fix unexcepted socket die when snd_wnd is 0"), the issue
would last 2 minutes instead of 4.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tcp: evitar demasiados paquetes de retransmisión Si un socket TCP está usando TCP_USER_TIMEOUT y el otro par retrajo su ventana a cero, tcp_retransmit_timer() puede retransmitir un paquete cada dos santiamén (2 ms). para HZ=1000), durante aproximadamente 4 minutos después de que TCP_USER_TIMEOUT haya 'expirado'. La solución es asegurarse de que tcp_rtx_probe0_timed_out() tenga en cuenta icsk->icsk_user_timeout. Antes de el commit culpable, el socket no expiraba después de icsk->icsk_user_timeout, sino que usaba un retroceso exponencial estándar para las retransmisiones. También vale la pena señalar que antes de commit e89688e3e978 ("net: tcp: fix unexcepted socket die cuando snd_wnd es 0"), el problema duraría 2 minutos en lugar de 4.

*Credits: N/A

CVSS Scores

NISTv3.1 3.3

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-12 CVE Reserved
2024-07-15 CVE Published
2024-07-19 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/b701a99e431db784714c32fc6b68123045714679	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7bb7670f92bfbd05fc41a8f9a8f358b7ffed65f4	2024-07-18
https://git.kernel.org/stable/c/d2346fca5bed130dc712f276ac63450201d52969	2024-07-18
https://git.kernel.org/stable/c/5d7e64d70a11d988553a08239c810a658e841982	2024-07-18
https://git.kernel.org/stable/c/04317a2471c2f637b4c49cbd0e9c0d04a519f570	2024-07-18
https://git.kernel.org/stable/c/e113cddefa27bbf5a79f72387b8fbd432a61a466	2024-07-18
https://git.kernel.org/stable/c/dfcdd7f89e401d2c6616be90c76c2fac3fa98fde	2024-07-18
https://git.kernel.org/stable/c/66cb64a1d2239cd0309f9b5038b05462570a5be1	2024-07-18
https://git.kernel.org/stable/c/97a9063518f198ec0adb2ecb89789de342bb8283	2024-07-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19 < 4.19.318 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 4.19.318"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19 < 5.4.280 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 5.4.280"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19 < 5.10.222 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 5.10.222"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19 < 5.15.163 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 5.15.163"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19 < 6.1.100 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 6.1.100"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19 < 6.6.41 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 6.6.41"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19 < 6.9.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 6.9.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 6.10"		en		Affected