{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T14:14:28.126","vulnerabilities":[{"cve":{"id":"CVE-2024-36489","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-06-21T11:15:10.513","lastModified":"2024-11-21T09:22:16.667","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix missing memory barrier in tls_init\n\nIn tls_init(), a write memory barrier is missing, and store-store\nreordering may cause NULL dereference in tls_{setsockopt,getsockopt}.\n\nCPU0 CPU1\n----- -----\n// In tls_init()\n// In tls_ctx_create()\nctx = kzalloc()\nctx->sk_proto = READ_ONCE(sk->sk_prot) -(1)\n\n// In update_sk_prot()\nWRITE_ONCE(sk->sk_prot, tls_prots) -(2)\n\n // In sock_common_setsockopt()\n READ_ONCE(sk->sk_prot)->setsockopt()\n\n // In tls_{setsockopt,getsockopt}()\n ctx->sk_proto->setsockopt() -(3)\n\nIn the above scenario, when (1) and (2) are reordered, (3) can observe\nthe NULL value of ctx->sk_proto, causing NULL dereference.\n\nTo fix it, we rely on rcu_assign_pointer() which implies the release\nbarrier semantic. By moving rcu_assign_pointer() after ctx->sk_proto is\ninitialized, we can ensure that ctx->sk_proto are visible when\nchanging sk->sk_prot."},{"lang":"es","value":"En el kernel de Linux, se resolvió la siguiente vulnerabilidad: tls: corrige la barrera de memoria faltante en tls_init En tls_init(), falta una barrera de memoria de escritura y el reordenamiento tienda-tienda puede causar una desreferencia NULL en tls_{setsockopt,getsockopt}. CPU0 CPU1 ----- ----- // En tls_init() // En tls_ctx_create() ctx = kzalloc() ctx->sk_proto = READ_ONCE(sk->sk_prot) -(1) // En update_sk_prot( ) WRITE_ONCE(sk->sk_prot, tls_prots) -(2) // En sock_common_setsockopt() READ_ONCE(sk->sk_prot)->setsockopt() // En tls_{setsockopt,getsockopt}() ctx->sk_proto->setsockopt () -(3) En el escenario anterior, cuando (1) y (2) se reordenan, (3) puede observar el valor NULL de ctx->sk_proto, lo que provoca la desreferencia NULL. Para solucionarlo, confiamos en rcu_assign_pointer() que implica la semántica de barrera de liberación. Al mover rcu_assign_pointer() después de inicializar ctx->sk_proto, podemos asegurarnos de que ctx->sk_proto sean visibles al cambiar sk->sk_prot."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"5.10.219","matchCriteriaId":"1EDE42D8-582E-4251-943B-96BC242F2876"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.161","matchCriteriaId":"31130639-53FE-4726-8986-434EE2528CB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.93","matchCriteriaId":"EEFB78EE-F990-4197-BF1C-156760A55667"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.33","matchCriteriaId":"FCE796DF-3B50-4DC6-BAE5-95271068FC9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.9.4","matchCriteriaId":"991B9791-966A-4D18-9E8D-A8AB128E5627"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2c260a24cf1c4d30ea3646124f766ee46169280b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/335c8f1566d8e44c384d16b450a18554896d4e8b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/91e61dd7a0af660408e87372d8330ceb218be302","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ab67c2fd3d070a21914d0c31319d3858ab4e199c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d72e126e9a36d3d33889829df8fc90100bb0e071","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ef21007a7b581c7fe64d5a10c320880a033c837b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2c260a24cf1c4d30ea3646124f766ee46169280b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/335c8f1566d8e44c384d16b450a18554896d4e8b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/91e61dd7a0af660408e87372d8330ceb218be302","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ab67c2fd3d070a21914d0c31319d3858ab4e199c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d72e126e9a36d3d33889829df8fc90100bb0e071","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ef21007a7b581c7fe64d5a10c320880a033c837b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}