
oss-sec mailing list archives
CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets
From: Joel GUITTET <jguittet.opensource () witekio com>
Date: Tue, 29 Oct 2024 13:03:43 +0000
Hello,

We would like to ask your advice about CVE-2024-36905 (TCP shutdown vulnerability). NIST indicates a network vector while AWS and Red Hat indicate a local attack vector. Our cybersecurity team has difficulty justifying that a local vector is appropriate here. Can you help us understand this specific point for this CVE? The hypothesis we have is that a TCP socket needs to be opened/closed quickly, and maybe it's not possible remotely?

Thanks for the feedback!

Best Regards,
J. Guittet