{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-38596", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-18T19:36:34.931Z", "datePublished": "2024-06-19T13:45:45.984Z", "dateUpdated": "2025-05-04T09:14:55.180Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:14:55.180Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix data races in unix_release_sock/unix_stream_sendmsg\n\nA data-race condition has been identified in af_unix. In one data path,\nthe write function unix_release_sock() atomically writes to\nsk->sk_shutdown using WRITE_ONCE. However, on the reader side,\nunix_stream_sendmsg() does not read it atomically. Consequently, this\nissue is causing the following KCSAN splat to occur:\n\n\tBUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg\n\n\twrite (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28:\n\tunix_release_sock (net/unix/af_unix.c:640)\n\tunix_release (net/unix/af_unix.c:1050)\n\tsock_close (net/socket.c:659 net/socket.c:1421)\n\t__fput (fs/file_table.c:422)\n\t__fput_sync (fs/file_table.c:508)\n\t__se_sys_close (fs/open.c:1559 fs/open.c:1541)\n\t__x64_sys_close (fs/open.c:1541)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tread to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14:\n\tunix_stream_sendmsg (net/unix/af_unix.c:2273)\n\t__sock_sendmsg (net/socket.c:730 net/socket.c:745)\n\t____sys_sendmsg (net/socket.c:2584)\n\t__sys_sendmmsg (net/socket.c:2638 net/socket.c:2724)\n\t__x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tvalue changed: 0x01 -> 0x03\n\nThe line numbers are related to commit dd5a440a31fa (\"Linux 6.9-rc7\").\n\nCommit e1d09c2c2f57 (\"af_unix: Fix data races around sk->sk_shutdown.\")\naddressed a comparable issue in the past regarding sk->sk_shutdown.\nHowever, it overlooked resolving this particular data path.\nThis patch only offending unix_stream_sendmsg() function, since the\nother reads seem to be protected by unix_state_lock() as discussed in"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/unix/af_unix.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "fca6072e1a7b1e709ada5604b951513b89b4bd0a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "de6641d213373fbde9bbdd7c4b552254bc9f82fe", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "4d51845d734a4c5d079e56e0916f936a55e15055", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9aa8773abfa0e954136875b4cbf2df4cf638e8a5", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "8299e4d778f664b31b67cf4cf3d5409de2ecb92c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0688d4e499bee3f2749bca27329bd128686230cb", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "a4c88072abcaca593cefe70f90e9d3707526e8f9", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "a52fa2addfcccc2c5a0217fd45562605088c018b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "540bf24fba16b88c1b3b9353927204b4f1074e25", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/unix/af_unix.c"], "versions": [{"version": "2.6.12", "status": "affected"}, {"version": "0", "lessThan": "2.6.12", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.316", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.278", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.219", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.161", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.93", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.33", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.12", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.3", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "4.19.316"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.4.278"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.10.219"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.15.161"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.1.93"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.6.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.8.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.9.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a"}, {"url": "https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe"}, {"url": "https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055"}, {"url": "https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5"}, {"url": "https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c"}, {"url": "https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb"}, {"url": "https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9"}, {"url": "https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b"}, {"url": "https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25"}], "title": "af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:26.062Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38596", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:13:37.376960Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:54.639Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:26.062Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38596", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:13:37.376960Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:26.758Z"}}], "cna": {"title": "af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "fca6072e1a7b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "de6641d21337", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "4d51845d734a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "9aa8773abfa0", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "8299e4d778f6", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "0688d4e499be", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "a4c88072abca", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "a52fa2addfcc", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "540bf24fba16", "versionType": "git"}], "programFiles": ["net/unix/af_unix.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.12"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.12", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.316", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.278", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.219", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.161", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.93", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.33", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.12", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9.3", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/unix/af_unix.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a"}, {"url": "https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe"}, {"url": "https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055"}, {"url": "https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5"}, {"url": "https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c"}, {"url": "https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb"}, {"url": "https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9"}, {"url": "https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b"}, {"url": "https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix data races in unix_release_sock/unix_stream_sendmsg\n\nA data-race condition has been identified in af_unix. In one data path,\nthe write function unix_release_sock() atomically writes to\nsk->sk_shutdown using WRITE_ONCE. However, on the reader side,\nunix_stream_sendmsg() does not read it atomically. Consequently, this\nissue is causing the following KCSAN splat to occur:\n\n\tBUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg\n\n\twrite (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28:\n\tunix_release_sock (net/unix/af_unix.c:640)\n\tunix_release (net/unix/af_unix.c:1050)\n\tsock_close (net/socket.c:659 net/socket.c:1421)\n\t__fput (fs/file_table.c:422)\n\t__fput_sync (fs/file_table.c:508)\n\t__se_sys_close (fs/open.c:1559 fs/open.c:1541)\n\t__x64_sys_close (fs/open.c:1541)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tread to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14:\n\tunix_stream_sendmsg (net/unix/af_unix.c:2273)\n\t__sock_sendmsg (net/socket.c:730 net/socket.c:745)\n\t____sys_sendmsg (net/socket.c:2584)\n\t__sys_sendmmsg (net/socket.c:2638 net/socket.c:2724)\n\t__x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tvalue changed: 0x01 -> 0x03\n\nThe line numbers are related to commit dd5a440a31fa (\"Linux 6.9-rc7\").\n\nCommit e1d09c2c2f57 (\"af_unix: Fix data races around sk->sk_shutdown.\")\naddressed a comparable issue in the past regarding sk->sk_shutdown.\nHowever, it overlooked resolving this particular data path.\nThis patch only offending unix_stream_sendmsg() function, since the\nother reads seem to be protected by unix_state_lock() as discussed in"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:30:35.802Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38596", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:30:35.802Z", "dateReserved": "2024-06-18T19:36:34.931Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-19T13:45:45.984Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "90428380-A9D6-4FC4-85D4-392E92A80249", "versionEndExcluding": "4.19.316", "versionStartIncluding": "2.6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FDBF235-DA18-49A1-8690-6C7272FD0701", "versionEndExcluding": "5.4.278", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9063AF3-D593-43B7-810D-58B87F82F9F9", "versionEndExcluding": "5.10.219", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2", "versionEndExcluding": "5.15.161", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667", "versionEndExcluding": "6.1.93", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E", "versionEndExcluding": "6.6.33", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2", "versionEndExcluding": "6.8.12", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011", "versionEndExcluding": "6.9.3", "versionStartIncluding": "6.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*", "matchCriteriaId": "6F62EECE-8FB1-4D57-85D8-CB9E23CF313C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "4F76C298-81DC-43E4-8FC9-DC005A2116EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "0AB349B2-3F78-4197-882B-90ADB3BF645A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "6AC88830-A9BC-4607-B572-A4B502FC9FD0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*", "matchCriteriaId": "476CB3A5-D022-4F13-AAEF-CB6A5785516A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix data races in unix_release_sock/unix_stream_sendmsg\n\nA data-race condition has been identified in af_unix. In one data path,\nthe write function unix_release_sock() atomically writes to\nsk->sk_shutdown using WRITE_ONCE. However, on the reader side,\nunix_stream_sendmsg() does not read it atomically. Consequently, this\nissue is causing the following KCSAN splat to occur:\n\n\tBUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg\n\n\twrite (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28:\n\tunix_release_sock (net/unix/af_unix.c:640)\n\tunix_release (net/unix/af_unix.c:1050)\n\tsock_close (net/socket.c:659 net/socket.c:1421)\n\t__fput (fs/file_table.c:422)\n\t__fput_sync (fs/file_table.c:508)\n\t__se_sys_close (fs/open.c:1559 fs/open.c:1541)\n\t__x64_sys_close (fs/open.c:1541)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tread to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14:\n\tunix_stream_sendmsg (net/unix/af_unix.c:2273)\n\t__sock_sendmsg (net/socket.c:730 net/socket.c:745)\n\t____sys_sendmsg (net/socket.c:2584)\n\t__sys_sendmmsg (net/socket.c:2638 net/socket.c:2724)\n\t__x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tvalue changed: 0x01 -> 0x03\n\nThe line numbers are related to commit dd5a440a31fa (\"Linux 6.9-rc7\").\n\nCommit e1d09c2c2f57 (\"af_unix: Fix data races around sk->sk_shutdown.\")\naddressed a comparable issue in the past regarding sk->sk_shutdown.\nHowever, it overlooked resolving this particular data path.\nThis patch only offending unix_stream_sendmsg() function, since the\nother reads seem to be protected by unix_state_lock() as discussed in"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: af_unix: corrige ejecuci\u00f3ns de datos en unix_release_sock/unix_stream_sendmsg Se identific\u00f3 una condici\u00f3n de ejecuci\u00f3n de datos en af_unix. En una ruta de datos, la funci\u00f3n de escritura unix_release_sock() escribe at\u00f3micamente en sk->sk_shutdown usando WRITE_ONCE. Sin embargo, en el lado del lector, unix_stream_sendmsg() no lo lee at\u00f3micamente. En consecuencia, este problema est\u00e1 provocando que se produzca el siguiente s\u00edmbolo de KCSAN: ERROR: KCSAN: data-race en unix_release_sock / unix_stream_sendmsg escribe (marcado) en 0xffff88867256ddbb de 1 byte por tarea 7270 en la CPU 28: unix_release_sock (net/unix/af_unix.c: 640) unix_release (net/unix/af_unix.c:1050) sock_close (net/socket.c:659 net/socket.c:1421) __fput (fs/file_table.c:422) __fput_sync (fs/file_table.c:508 ) __se_sys_close (fs/open.c:1559 fs/open.c:1541) __x64_sys_close (fs/open.c:1541) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/ common.c:?) Entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) le\u00eddo en 0xffff88867256ddbb de 1 bytes por la tarea 989 en la CPU 14: unix_stream_sendmsg (net/unix/af_unix.c:2273) __sock_sendmsg (net/socket .c:730 net/socket.c:745) ____sys_sendmsg (net/socket.c:2584) __sys_sendmmsg (net/socket.c:2638 net/socket.c:2724) __x64_sys_sendmmsg (net/socket.c:2753 net/ socket.c:2750 net/socket.c:2750) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) Entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64 .S:130) valor cambiado: 0x01 -> 0x03 Los n\u00fameros de l\u00ednea est\u00e1n relacionados con el commit dd5a440a31fa (\"Linux 6.9-rc7\"). El commit e1d09c2c2f57 (\"af_unix: corregir ejecuci\u00f3ns de datos alrededor de sk->sk_shutdown.\") abord\u00f3 un problema comparable en el pasado con respecto a sk->sk_shutdown. Sin embargo, pas\u00f3 por alto resolver esta ruta de datos en particular. Este parche solo ofende la funci\u00f3n unix_stream_sendmsg(), ya que las otras lecturas parecen estar protegidas por unix_state_lock() como se explica en"}], "id": "CVE-2024-38596", "lastModified": "2025-09-17T21:09:06.733", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-19T14:15:19.640", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:4902", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.113.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-07-29T00:00:00Z"}, {"advisory": "RHSA-2024:4902", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.113.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-07-29T00:00:00Z"}, {"advisory": "RHSA-2024:4902", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.113.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-07-29T00:00:00Z"}, {"advisory": "RHSA-2024:6206", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.70.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:4823", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.75.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4831", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.75.1.rt14.360.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:9546", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.44.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2024-11-13T00:00:00Z"}], "bugzilla": {"description": "kernel: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg", "id": "2293371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293371"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-362", "details": ["In the Linux kernel, the following vulnerability has been resolved:\naf_unix: Fix data races in unix_release_sock/unix_stream_sendmsg\nA data-race condition has been identified in af_unix. In one data path,\nthe write function unix_release_sock() atomically writes to\nsk->sk_shutdown using WRITE_ONCE. However, on the reader side,\nunix_stream_sendmsg() does not read it atomically. Consequently, this\nissue is causing the following KCSAN splat to occur:\nBUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg\nwrite (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28:\nunix_release_sock (net/unix/af_unix.c:640)\nunix_release (net/unix/af_unix.c:1050)\nsock_close (net/socket.c:659 net/socket.c:1421)\n__fput (fs/file_table.c:422)\n__fput_sync (fs/file_table.c:508)\n__se_sys_close (fs/open.c:1559 fs/open.c:1541)\n__x64_sys_close (fs/open.c:1541)\nx64_sys_call (arch/x86/entry/syscall_64.c:33)\ndo_syscall_64 (arch/x86/entry/common.c:?)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nread to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14:\nunix_stream_sendmsg (net/unix/af_unix.c:2273)\n__sock_sendmsg (net/socket.c:730 net/socket.c:745)\n____sys_sendmsg (net/socket.c:2584)\n__sys_sendmmsg (net/socket.c:2638 net/socket.c:2724)\n__x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750)\nx64_sys_call (arch/x86/entry/syscall_64.c:33)\ndo_syscall_64 (arch/x86/entry/common.c:?)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nvalue changed: 0x01 -> 0x03\nThe line numbers are related to commit dd5a440a31fa (\"Linux 6.9-rc7\").\nCommit e1d09c2c2f57 (\"af_unix: Fix data races around sk->sk_shutdown.\")\naddressed a comparable issue in the past regarding sk->sk_shutdown.\nHowever, it overlooked resolving this particular data path.\nThis patch only offending unix_stream_sendmsg() function, since the\nother reads seem to be protected by unix_state_lock() as discussed in"], "name": "CVE-2024-38596", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38596\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38596\nhttps://lore.kernel.org/linux-cve-announce/2024061956-CVE-2024-38596-f660@gregkh/T"], "threat_severity": "Low"}