CVE-2024-26731
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-26731
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26731.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-26731
- Downstream
- Related
- Published
- 2024-04-03T17:00:18Z
- Modified
- 2025-10-15T09:11:04.235988Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Fix NULL pointer dereference in skpsockverdictdataready()
syzbot reported the following NULL pointer dereference issue [1]:
BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] RIP: 0010:0x0 [...] Call Trace: <TASK> skpsockverdictdataready+0x232/0x340 net/core/skmsg.c:1230 unixstreamsendmsg+0x9b4/0x1230 net/unix/afunix.c:2293 socksendmsgnosec net/socket.c:730 [inline] socksendmsg+0x221/0x270 net/socket.c:745 syssendmsg+0x525/0x7d0 net/socket.c:2584 _syssendmsg net/socket.c:2638 [inline] _syssendmsg+0x2b0/0x3a0 net/socket.c:2667 dosyscall64+0xf9/0x240 entrySYSCALL64afterhwframe+0x6f/0x77
If skpsockverdictdataready() and skpsockstopverdict() are called concurrently, psock->saveddata_ready can be NULL, causing the above issue.
This patch fixes this issue by calling the appropriate data ready function using the skpsockdataready() helper and protecting it from concurrency with sk->skcallback_lock.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/4588b13abcbd561ec67f5b3c1cb2eff690990a54
- https://git.kernel.org/stable/c/4cd12c6065dfcdeba10f49949bffcf383b3952d8
- https://git.kernel.org/stable/c/9b099ed46dcaf1403c531ff02c3d7400fa37fa26
- https://git.kernel.org/stable/c/d61608a4e394f23e0dca099df9eb8e555453d949
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddd628fc697ee59b76bd3877c4bd13f07ccc3776fFixed4588b13abcbd561ec67f5b3c1cb2eff690990a54
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6df7f764cd3cf5a03a4a47b23be47e57e41fcd85Fixed9b099ed46dcaf1403c531ff02c3d7400fa37fa26
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6df7f764cd3cf5a03a4a47b23be47e57e41fcd85Fixedd61608a4e394f23e0dca099df9eb8e555453d949
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6df7f764cd3cf5a03a4a47b23be47e57e41fcd85Fixed4cd12c6065dfcdeba10f49949bffcf383b3952d8
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd3cbd7c571446a876aefd8320500300b2c951c58
Affected versions
v5.*
v5.10.1
v5.10.10
v5.10.11
v5.10.12
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.3
v5.10.4
v5.10.5
v5.10.6
v5.10.7
v5.10.8
v5.10.9
v5.11.1
v5.11.10
v5.11.11
v5.11.12
v5.11.13
v5.11.14
v5.11.15
v5.11.16
v5.11.17
v5.11.18
v5.11.19
v5.11.2
v5.11.20
v5.11.21
v5.11.3
v5.11.4
v5.11.5
v5.11.6
v5.11.7
v5.11.8
v5.11.9
v5.12.1
v5.12.10
v5.12.11
v5.12.12
v5.12.13
v5.12.14
v5.12.15
v5.12.16
v5.12.17
v5.12.18
v5.12.19
v5.12.2
v5.12.3
v5.12.4
v5.12.5
v5.12.6
v5.12.7
v5.12.8
v5.12.9
v5.13.1
v5.13.10
v5.13.11
v5.13.12
v5.13.13
v5.13.14
v5.13.15
v5.13.16
v5.13.17
v5.13.18
v5.13.2
v5.13.3
v5.13.4
v5.13.5
v5.13.6
v5.13.7
v5.13.8
v5.13.9
v5.14.1
v5.14.10
v5.14.11
v5.14.12
v5.14.13
v5.14.14
v5.14.15
v5.14.16
v5.14.17
v5.14.18
v5.14.19
v5.14.2
v5.14.20
v5.14.3
v5.14.4
v5.14.5
v5.14.6
v5.14.7
v5.14.8
v5.14.9
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.3
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16.1
v5.16.10
v5.16.11
v5.16.12
v5.16.13
v5.16.14
v5.16.15
v5.16.16
v5.16.17
v5.16.18
v5.16.19
v5.16.2
v5.16.20
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.16.8
v5.16.9
v5.17.1
v5.17.10
v5.17.11
v5.17.12
v5.17.13
v5.17.14
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.8
v5.17.9
v5.18.1
v5.18.10
v5.18.11
v5.18.12
v5.18.13
v5.18.14
v5.18.15
v5.18.16
v5.18.17
v5.18.18
v5.18.19
v5.18.2
v5.18.3
v5.18.4
v5.18.5
v5.18.6
v5.18.7
v5.18.8
v5.18.9
v5.19.1
v5.19.10
v5.19.11
v5.19.12
v5.19.13
v5.19.14
v5.19.15
v5.19.16
v5.19.2
v5.19.3
v5.19.4
v5.19.5
v5.19.6
v5.19.7
v5.19.8
v5.19.9
v5.6.1
v5.6.10
v5.6.11
v5.6.12
v5.6.13
v5.6.14
v5.6.15
v5.6.16
v5.6.17
v5.6.18
v5.6.2
v5.6.3
v5.6.4
v5.6.5
v5.6.6
v5.6.7
v5.6.8
v5.6.9
v5.7.1
v5.7.10
v5.7.11
v5.7.12
v5.7.13
v5.7.14
v5.7.15
v5.7.16
v5.7.2
v5.7.3
v5.7.4
v5.7.5
v5.7.6
v5.7.7
v5.7.8
v5.7.9
v5.8.1
v5.8.10
v5.8.11
v5.8.12
v5.8.13
v5.8.14
v5.8.15
v5.8.16
v5.8.17
v5.8.18
v5.8.2
v5.8.3
v5.8.4
v5.8.5
v5.8.6
v5.8.7
v5.8.8
v5.8.9
v5.9.1
v5.9.10
v5.9.11
v5.9.12
v5.9.13
v5.9.14
v5.9.15
v5.9.16
v5.9.2
v5.9.3
v5.9.4
v5.9.5
v5.9.6
v5.9.7
v5.9.8
v5.9.9
v6.*
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.13
v6.0.14
v6.0.15
v6.0.16
v6.0.17
v6.0.18
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.2
v6.1.3
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.9
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.10
v6.10.11
v6.10.12
v6.10.13
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.10.7
v6.10.8
v6.10.9
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.11.1
v6.11.10
v6.11.11
v6.11.2
v6.11.3
v6.11.4
v6.11.5
v6.11.6
v6.11.7
v6.11.8
v6.11.9
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.13.10
v6.13.11
v6.13.12
v6.13.2
v6.13.3
v6.13.4
v6.13.5
v6.13.6
v6.13.7
v6.13.8
v6.13.9
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.10
v6.14.11
v6.14.2
v6.14.3
v6.14.4
v6.14.5
v6.14.6
v6.14.7
v6.14.8
v6.14.9
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.15.1
v6.15.10
v6.15.11
v6.15.2
v6.15.3
v6.15.4
v6.15.5
v6.15.6
v6.15.7
v6.15.8
v6.15.9
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.16.1
v6.16.10
v6.16.11
v6.16.12
v6.16.2
v6.16.3
v6.16.4
v6.16.5
v6.16.6
v6.16.7
v6.16.8
v6.16.9
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.17.1
v6.17.2
v6.2.1
v6.2.10
v6.2.11
v6.2.12
v6.2.13
v6.2.14
v6.2.15
v6.2.2
v6.2.3
v6.2.4
v6.2.5
v6.2.6
v6.2.7
v6.2.8
v6.2.9
v6.3.10
v6.3.11
v6.3.12
v6.3.13
v6.3.6
v6.3.7
v6.3.8
v6.3.9
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.4.1
v6.4.10
v6.4.11
v6.4.12
v6.4.13
v6.4.14
v6.4.15
v6.4.16
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.4.6
v6.4.7
v6.4.8
v6.4.9
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.5.1
v6.5.10
v6.5.11
v6.5.12
v6.5.13
v6.5.2
v6.5.3
v6.5.4
v6.5.5
v6.5.6
v6.5.7
v6.5.8
v6.5.9
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.10
v6.7.11
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.9
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.10
v6.8.11
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.10
v6.9.11
v6.9.12
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6
v6.9.7
v6.9.8
v6.9.9
Database specific
{
"vanir_signatures": [
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "net/core/skmsg.c",
"function": "sk_psock_verdict_data_ready"
},
"id": "CVE-2024-26731-390e6089",
"digest": {
"length": 437.0,
"function_hash": "156537493057948765820741320503589928307"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9b099ed46dcaf1403c531ff02c3d7400fa37fa26"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "net/core/skmsg.c"
},
"id": "CVE-2024-26731-39a21098",
"digest": {
"line_hashes": [
"100423686715431118115625182833046516178",
"52052633423766674633874068028912452801",
"339688943200397756965378512195377958474",
"93371111868048529439712287394891408394",
"101812772471923215510405498790097630210"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d61608a4e394f23e0dca099df9eb8e555453d949"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "net/core/skmsg.c"
},
"id": "CVE-2024-26731-60fb74c5",
"digest": {
"line_hashes": [
"100423686715431118115625182833046516178",
"52052633423766674633874068028912452801",
"339688943200397756965378512195377958474",
"93371111868048529439712287394891408394",
"101812772471923215510405498790097630210"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9b099ed46dcaf1403c531ff02c3d7400fa37fa26"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "net/core/skmsg.c",
"function": "sk_psock_verdict_data_ready"
},
"id": "CVE-2024-26731-71a67f3c",
"digest": {
"length": 437.0,
"function_hash": "156537493057948765820741320503589928307"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d61608a4e394f23e0dca099df9eb8e555453d949"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "net/core/skmsg.c"
},
"id": "CVE-2024-26731-bc5270e3",
"digest": {
"line_hashes": [
"100423686715431118115625182833046516178",
"52052633423766674633874068028912452801",
"339688943200397756965378512195377958474",
"93371111868048529439712287394891408394",
"101812772471923215510405498790097630210"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4cd12c6065dfcdeba10f49949bffcf383b3952d8"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "net/core/skmsg.c"
},
"id": "CVE-2024-26731-c915f5ad",
"digest": {
"line_hashes": [
"100423686715431118115625182833046516178",
"52052633423766674633874068028912452801",
"339688943200397756965378512195377958474",
"93371111868048529439712287394891408394",
"101812772471923215510405498790097630210"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4588b13abcbd561ec67f5b3c1cb2eff690990a54"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "net/core/skmsg.c",
"function": "sk_psock_verdict_data_ready"
},
"id": "CVE-2024-26731-f7205e46",
"digest": {
"length": 437.0,
"function_hash": "156537493057948765820741320503589928307"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4cd12c6065dfcdeba10f49949bffcf383b3952d8"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "net/core/skmsg.c",
"function": "sk_psock_verdict_data_ready"
},
"id": "CVE-2024-26731-fa538342",
"digest": {
"length": 372.0,
"function_hash": "177510383358436773556047853126388224303"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4588b13abcbd561ec67f5b3c1cb2eff690990a54"
}
]
}