Bug 1224746 (CVE-2024-27429)

Summary:	VUL-0: REJECTED: CVE-2024-27429: kernel: netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser
Product:	[Novell Products] SUSE Security Incidents	Reporter:	SMASH SMASH <smash_bz>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	RESOLVED WONTFIX	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	gianluca.gabrielli, jlee, mhocko, mkubecek, rfrohl
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/406350/
Whiteboard:	CVSSv3.1:SUSE:CVE-2024-27429:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description SMASH SMASH 2024-05-20 16:24:10 UTC

In the Linux kernel, the following vulnerability has been resolved:

netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser

We need to protect the reader reading the sysctl value
because the value can be changed concurrently.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-27429
https://www.cve.org/CVERecord?id=CVE-2024-27429
https://git.kernel.org/stable/c/18c95d11c347a12e5c31df1325cef6b995d14ecf
https://git.kernel.org/stable/c/1e84b108f2a71daa8d04032e4d2096522376debb
https://git.kernel.org/stable/c/591192c3a9fc728a0af7b9dd50bf121220062293
https://git.kernel.org/stable/c/7e1e25891f090e24a871451c9403abac63cb45dd
https://git.kernel.org/stable/c/b3f0bc3a315cf1af03673a0163c08fe037587acd
https://git.kernel.org/stable/c/cfd9f4a740f772298308b2e6070d2c744fb5cf79
https://git.kernel.org/stable/c/e3a3718b1723253d4f068e88e81d880d71f1a1e9
https://git.kernel.org/stable/c/e439607291c082332e1e35baf8faf8552e6bcb4a
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-27429.mbox
https://bugzilla.redhat.com/show_bug.cgi?id=2281073

Comment 1 Michal Hocko 2024-05-20 19:22:48 UTC

There is a batch of similar reports: bug 1224750, bug 1224753, bug 1224754, bug 1224760, bug 1224761, bug 1224762. All of them essentially copying the specific sysctl value by READ_ONCE. I really fail to see how this can have any security implications. For one thing those sysctls can be modified by the root by default but even aside from that let's say that a malicious user would be modifying them on the fly. What could potentially happen even if those values would be a garbage?

Comment 4 Joey Lee 2024-05-21 05:26:54 UTC

https://www.suse.com/security/cve/CVE-2024-27429.html
cvss 5.5

Comment 6 Michal Hocko 2024-05-21 08:40:11 UTC

I have asked about security implications just out of curiosity:
https://lore.kernel.org/all/ZkxdqOUek_MHqIMn@tiehlicka/T/#u

Comment 8 Robert Frohl 2024-05-21 14:46:40 UTC

REJECTED:

https://lore.kernel.org/linux-cve-announce/2024052157-REJECTED-68e2@gregkh/T/#u

Comment 11 Davide Benini 2024-05-22 10:31:01 UTC

Closing as RESOLVED/WONTFIX.
The claim about the race is correct, but there are no security consequences

Back to the security team

Comment 12 Michal Hocko 2024-05-23 13:10:32 UTC

(In reply to Davide Benini from comment #11)
> Closing as RESOLVED/WONTFIX.
> The claim about the race is correct, but there are no security consequences
> 
> Back to the security team

For reference
https://lore.kernel.org/all/2024051722-CVE-2024-27429-878c@gregkh/T/#m29b69ed0e008e55ce2d9a6ef6f9c8b6ca85917e9