Cyber Security News

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years, that could allow attackers to execute remote code.

The flaw, identified in the core TCP subsystem, was introduced through a race condition in the inet_twsk_hashdance function.

This issue, now tracked as CVE-2024-36904, was patched last year after being reported by security researchers.

Technical Breakdown of the Vulnerability

The vulnerability stems from a race condition between the tcp_twsk_unique() and inet_twsk_hashdance() functions.

Specifically, the issue arises because a time-wait TCP socket’s reference counter is initialized after being inserted into a hash table and releasing a lock.

If a lookup occurs before this initialization, the object is found with a zeroed reference counter, triggering warnings and potentially leading to use-after-free scenarios.

The flaw was first noticed during routine audits of the Linux kernel source code and fuzzing tests using tools like Syzkaller.

The researchers initially aimed to reproduce another known bug but inadvertently discovered this deeper issue.

They confirmed its presence in several Linux distributions, including Red Hat Enterprise Linux derivatives and Fedora.

Exploitation Potential

While Linux kernels include protections against reference counter issues, this vulnerability bypasses those safeguards under specific conditions.

If operations on the socket follow an exact sequence, the reference counter can become unbalanced, leading to premature object release and genuine use-after-free exploitation.

This could allow attackers to execute arbitrary code within the kernel context.

Proof-of-concept exploits demonstrated that this vulnerability could be triggered under controlled conditions.

However, real-world exploitation would require precise timing and understanding of kernel internals.

The vulnerability was patched upstream in May 2024. Administrators are urged to update their systems to kernel versions containing the fix.

For Red Hat Enterprise Linux derivatives and other affected distributions, applying vendor-provided patches is critical.

Allele Security discovery underscores the importance of proactive kernel auditing and patching practices.

As vulnerabilities can persist unnoticed for years, organizations should prioritize timely updates to mitigate risks associated with legacy flaws.

The CVE-2024-36904 case highlights how even long-standing vulnerabilities can pose significant security threats if left unaddressed.

Are you from SOC/DFIR Team? - Join 500,000+ Researchers to Analyze Cyber Threats with ANY.RUN Sandbox - Try for Free

Aman Mishra

Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Recent Posts

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…

1 day ago

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code execution…

1 day ago

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…

1 day ago

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…

1 day ago

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…

1 day ago

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…

1 day ago