CVE-2024-57974
📋 TL;DR
A race condition in the Linux kernel's UDP implementation causes temporary lookup failures when a UDP socket changes its local address via connect(). This results in dropped packets and ICMP port unreachable errors, affecting systems using UDP sockets with address changes. The vulnerability primarily impacts UDP servers that connect back to clients after receiving initial datagrams.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Critical UDP-based services experience intermittent packet loss and connection failures, potentially causing service disruption, data loss, or application crashes in time-sensitive applications.
Likely Case
Intermittent UDP packet drops leading to connection timeouts, retransmissions, and degraded performance for UDP-based services like DNS, NTP, or custom UDP applications.
If Mitigated
Minor performance impact with occasional packet loss that may be masked by application-level retry mechanisms.
🎯 Exploit Status
The provided reproducer demonstrates the issue, but weaponization is unlikely as this causes denial of service rather than privilege escalation or data compromise. Exploitation requires precise timing between UDP socket operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel builds containing the fix commits 4f8344fce91c, a502ea6fa94b, or d65d3bf309b2
Vendor Advisory: https://git.kernel.org/stable/c/4f8344fce91c5766d368edb0ad80142eacd805c7
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. For distributions: use the package manager (apt/yum/dnf) to update the kernel package.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Avoid UDP connect() during reception
Platform: linux. Modify applications to avoid connect() operations on UDP sockets while actively receiving datagrams.
Use TCP instead of UDP where possible
Platform: all. Replace UDP-based services with TCP for critical applications to avoid the race condition.
🧯 If You Can't Patch
- Monitor UDP services for ICMP port unreachable errors and implement application-level retry mechanisms
- Implement network monitoring to detect increased UDP packet loss and adjust UDP timeout settings in applications
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether your applications use UDP sockets that call connect() while datagrams are being received.
Check Version:
uname -r
Verify Fix Applied:
Re-run the kernel version check, then exercise UDP applications that previously showed intermittent connection issues and confirm the ICMP port unreachable errors no longer occur.
📡 Detection & Monitoring
Log Indicators:
- ICMP port unreachable errors in system logs
- UDP connection refused errors in application logs
- Increased UDP packet retransmissions
Network Indicators:
- ICMP type 3 code 3 (port unreachable) packets
- UDP packet loss patterns with specific timing
SIEM Query:
search 'ICMP port unreachable' OR 'UDP connection refused' in network or system logs
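To turn the network indicators above into a concrete check, the following added example (not part of this advisory) scans tcpdump-style capture output for bursts of ICMP type 3 code 3 messages emitted by a server for a UDP port that the service is known to be listening on, since unreachables for an open port are the lookup-failure symptom, while unreachables for closed ports are ordinary noise. The capture lines, host addresses and port 5000 are constructed for illustration, and the line format is assumed to be that of `tcpdump -n`.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches "tcpdump -n" output for an ICMP type 3 / code 3 message (assumed format).
# The ICMP source is the host that failed to deliver the datagram, i.e. the UDP server.
ICMP_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP [\d.]+ udp port (?P<port>\d+) unreachable"
)

# Constructed sample capture: three quick unreachables from 10.0.0.5 for port 5000,
# one isolated unreachable from 10.0.0.7, a normal UDP packet and an unrelated port.
SAMPLE_CAPTURE = """\
13:44:17.100000 IP 10.0.0.5 > 10.0.0.9: ICMP 10.0.0.5 udp port 5000 unreachable, length 36
13:44:17.250000 IP 10.0.0.5 > 10.0.0.9: ICMP 10.0.0.5 udp port 5000 unreachable, length 36
13:44:17.400000 IP 10.0.0.5 > 10.0.0.9: ICMP 10.0.0.5 udp port 5000 unreachable, length 36
13:44:20.000000 IP 10.0.0.7 > 10.0.0.9: ICMP 10.0.0.7 udp port 5000 unreachable, length 36
13:44:21.000000 IP 10.0.0.9.40000 > 10.0.0.5.5000: UDP, length 12
13:45:02.000000 IP 10.0.0.5 > 10.0.0.9: ICMP 10.0.0.5 udp port 9 unreachable, length 36
"""

def parse_unreachables(lines):
    """Yield (timestamp, reporting host, unreachable UDP port) for each matching line."""
    for line in lines:
        m = ICMP_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%H:%M:%S.%f")
            yield ts, m.group("src"), int(m.group("port"))

def find_bursts(lines, watched_port, window_s=1.0, threshold=3):
    """Return [(host, first_timestamp, count)] for each host that reported at least
    `threshold` port-unreachables for `watched_port` within a `window_s`-second window.
    `watched_port` should be the port the service is actually listening on."""
    by_host = defaultdict(list)
    for ts, host, port in parse_unreachables(lines):
        if port == watched_port:
            by_host[host].append(ts)
    bursts = []
    for host, stamps in sorted(by_host.items()):
        stamps.sort()
        start = 0
        for end in range(len(stamps)):          # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > timedelta(seconds=window_s):
                start += 1
            if end - start + 1 >= threshold:
                bursts.append((host, stamps[start].strftime("%H:%M:%S.%f"), end - start + 1))
                break                            # one report per host is enough
    return bursts
```

On a live host the input can come from `tcpdump -n 'icmp[0] == 3 and icmp[1] == 3'`; a burst for a port that the server is listening on, from a server whose kernel predates the fix commits, is the pattern worth escalating.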