Vulnerabilities > CVE-2024-41007 - Unspecified vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
LOW Summary
In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before blamed commit, the socket would not timeout after icsk->icsk_user_timeout, but would use standard exponential backoff for the retransmits. Also worth noting that before commit e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0"), the issue would last 2 minutes instead of 4.
Vulnerable Configurations
References
- https://git.kernel.org/stable/c/97a9063518f198ec0adb2ecb89789de342bb8283
- https://git.kernel.org/stable/c/7bb7670f92bfbd05fc41a8f9a8f358b7ffed65f4
- https://git.kernel.org/stable/c/d2346fca5bed130dc712f276ac63450201d52969
- https://git.kernel.org/stable/c/5d7e64d70a11d988553a08239c810a658e841982
- https://git.kernel.org/stable/c/04317a2471c2f637b4c49cbd0e9c0d04a519f570
- https://git.kernel.org/stable/c/e113cddefa27bbf5a79f72387b8fbd432a61a466
- https://git.kernel.org/stable/c/dfcdd7f89e401d2c6616be90c76c2fac3fa98fde
- https://git.kernel.org/stable/c/66cb64a1d2239cd0309f9b5038b05462570a5be1