Cyber Security News

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical, seven-year-old vulnerability in the Linux kernel that could allow attackers to execute code remotely.

The flaw, identified in the core TCP subsystem, was introduced through a race condition in the inet_twsk_hashdance function.

This issue, now tracked as CVE-2024-36904, was patched last year after being reported by security researchers.

Technical Breakdown of the Vulnerability

The vulnerability stems from a race condition between the tcp_twsk_unique() and inet_twsk_hashdance() functions.

Specifically, the issue arises because a time-wait TCP socket's reference counter is initialized only after the socket has been inserted into a hash table and the lock has been released.

If a lookup occurs before this initialization, the object is found with a zeroed reference counter, triggering warnings and potentially leading to use-after-free scenarios.

The flaw was first noticed during routine audits of the Linux kernel source code and fuzzing tests using tools like Syzkaller.

The researchers initially aimed to reproduce another known bug but inadvertently discovered this deeper issue.

They confirmed its presence in several Linux distributions, including Red Hat Enterprise Linux derivatives and Fedora.

Exploitation Potential

While Linux kernels include protections against reference counter issues, this vulnerability bypasses those safeguards under specific conditions.

If operations on the socket follow an exact sequence, the reference counter can become unbalanced, leading to premature object release and genuine use-after-free exploitation.

This could allow attackers to execute arbitrary code within the kernel context.
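The ordering problem and the counter imbalance described above, as an added illustration that is not from the original article or the kernel source: a single-threaded userspace C model that places the lookup inside the window between insertion and counter initialization. All names (`tw_sock`, `table_slot`, `hold_unchecked`, `hold_if_live`) and the initial count of 3 are assumptions, and the model leaves out the kernel's own reference counter protections.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
/* Userspace model; every name and the value 3 are assumptions for illustration. */
#define INIT_REFS 3
struct tw_sock { atomic_int refcnt; };
static struct tw_sock demo_sock;   /* constructed sample object */
static struct tw_sock *table_slot; /* stands in for one hash bucket */
/* Unconditional hold: increments even when the counter is still zero. */
static bool hold_unchecked(struct tw_sock *tw) {
    atomic_fetch_add(&tw->refcnt, 1);
    return true;
}

/* Checked hold: takes a reference only if the object is already live. */
static bool hold_if_live(struct tw_sock *tw) {
    int old = atomic_load(&tw->refcnt);
    while (old != 0)
        if (atomic_compare_exchange_weak(&tw->refcnt, &old, old + 1))
            return true;
    return false;
}

/* Ordering from the article: insert, drop the lock, then set the counter. The lookup
 * runs inside that window. Returns how many holders the final counter does not count. */
static int publish_then_init(struct tw_sock *tw, bool checked) {
    int holders = INIT_REFS;
    atomic_store(&tw->refcnt, 0);
    table_slot = tw;                                   /* visible to lookups */
    if (checked ? hold_if_live(table_slot) : hold_unchecked(table_slot))
        holders++;                                     /* lookup keeps a pointer */
    atomic_store(&tw->refcnt, INIT_REFS);              /* late init erases the hold */
    return holders - atomic_load(&tw->refcnt);
}

/* Safe ordering: the counter is valid before the object becomes reachable. */
static int init_then_publish(struct tw_sock *tw) {
    int holders = INIT_REFS;
    atomic_store(&tw->refcnt, INIT_REFS);
    table_slot = tw;
    if (hold_if_live(table_slot))
        holders++;
    return holders - atomic_load(&tw->refcnt);
}

int main(void) {
    printf("%d %d %d\n", publish_then_init(&demo_sock, false),
           publish_then_init(&demo_sock, true), init_then_publish(&demo_sock));
    return 0;
}
```

A result of 1 means one holder is not counted, so the object would be released while a pointer to it is still in use. The checked hold and the initialize-before-publish ordering both return 0.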

Proof-of-concept exploits demonstrated that this vulnerability could be triggered under controlled conditions.

However, real-world exploitation would require precise timing and understanding of kernel internals.

The vulnerability was patched upstream in May 2024. Administrators are urged to update their systems to kernel versions containing the fix.

For Red Hat Enterprise Linux derivatives and other affected distributions, applying vendor-provided patches is critical.

Allele Security's discovery underscores the importance of proactive kernel auditing and patching practices.

As vulnerabilities can persist unnoticed for years, organizations should prioritize timely updates to mitigate risks associated with legacy flaws.

The CVE-2024-36904 case highlights how even long-standing vulnerabilities can pose significant security threats if left unaddressed.


Aman Mishra
