{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-36905","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-30T15:25:07.067Z","datePublished":"2024-05-30T15:29:06.046Z","dateUpdated":"2026-05-12T11:54:14.051Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:16:45.826Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets\n\nTCP_SYN_RECV state is really special, it is only used by\ncross-syn connections, mostly used by fuzzers.\n\nIn the following crash [1], syzbot managed to trigger a divide\nby zero in tcp_rcv_space_adjust()\n\nA socket makes the following state transitions,\nwithout ever calling tcp_init_transfer(),\nmeaning tcp_init_buffer_space() is also not called.\n\n         TCP_CLOSE\nconnect()\n         TCP_SYN_SENT\n         TCP_SYN_RECV\nshutdown() -> tcp_shutdown(sk, SEND_SHUTDOWN)\n         TCP_FIN_WAIT1\n\nTo fix this issue, change tcp_shutdown() to not\nperform a TCP_SYN_RECV -> TCP_FIN_WAIT1 transition,\nwhich makes no sense anyway.\n\nWhen tcp_rcv_state_process() later changes socket state\nfrom TCP_SYN_RECV to TCP_ESTABLISH, then look at\nsk->sk_shutdown to finally enter TCP_FIN_WAIT1 state,\nand send a FIN packet from a sane socket state.\n\nThis means tcp_send_fin() can now be called from BH\ncontext, and must use GFP_ATOMIC allocations.\n\n[1]\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 1 PID: 5084 Comm: syz-executor358 Not tainted 6.9.0-rc6-syzkaller-00022-g98369dccd2f8 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n RIP: 0010:tcp_rcv_space_adjust+0x2df/0x890 net/ipv4/tcp_input.c:767\nCode: e3 04 4c 01 eb 48 8b 44 24 38 0f b6 04 10 84 c0 49 89 d5 0f 85 a5 03 00 00 41 8b 8e c8 09 00 00 89 e8 29 c8 48 0f af c3 31 d2 <48> f7 f1 48 8d 1c 43 49 8d 96 76 08 00 00 48 89 d0 48 c1 e8 03 48\nRSP: 0018:ffffc900031ef3f0 EFLAGS: 00010246\nRAX: 0c677a10441f8f42 RBX: 000000004fb95e7e RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000027d4b11f R08: ffffffff89e535a4 R09: 1ffffffff25e6ab7\nR10: dffffc0000000000 R11: ffffffff8135e920 R12: ffff88802a9f8d30\nR13: dffffc0000000000 R14: ffff88802a9f8d00 R15: 1ffff1100553f2da\nFS:  00005555775c0380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1155bf2304 CR3: 000000002b9f2000 CR4: 0000000000350ef0\nCall Trace:\n <TASK>\n  tcp_recvmsg_locked+0x106d/0x25a0 net/ipv4/tcp.c:2513\n  tcp_recvmsg+0x25d/0x920 net/ipv4/tcp.c:2578\n  inet6_recvmsg+0x16a/0x730 net/ipv6/af_inet6.c:680\n  sock_recvmsg_nosec net/socket.c:1046 [inline]\n  sock_recvmsg+0x109/0x280 net/socket.c:1068\n  ____sys_recvmsg+0x1db/0x470 net/socket.c:2803\n  ___sys_recvmsg net/socket.c:2845 [inline]\n  do_recvmmsg+0x474/0xae0 net/socket.c:2939\n  __sys_recvmmsg net/socket.c:3018 [inline]\n  __do_sys_recvmmsg net/socket.c:3041 [inline]\n  __se_sys_recvmmsg net/socket.c:3034 [inline]\n  __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3034\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7faeb6363db9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffcc1997168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faeb6363db9\nRDX: 0000000000000001 RSI: 0000000020000bc0 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000001c\nR10: 0000000000000122 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv4/tcp.c","net/ipv4/tcp_input.c","net/ipv4/tcp_output.c"],"versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"34e41a031fd7523bf1cd00a2adca2370aebea270","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ed5e279b69e007ce6c0fe82a5a534c1b19783214","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"413c33b9f3bc36fdf719690a78824db9f88a9485","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"2552c9d9440f8e7a2ed0660911ff00f25b90a0a4","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"3fe4ef0568a48369b1891395d13ac593b1ba41b1","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"f47d0d32fa94e815fdd78b8b88684873e67939f4","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"cbf232ba11bc86a5281b4f00e1151349ef4d45cf","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"94062790aedb505bdda209b10bea47b294d6394f","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv4/tcp.c","net/ipv4/tcp_input.c","net/ipv4/tcp_output.c"],"versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","status":"unaffected","versionType":"semver"},{"version":"4.19.314","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.276","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.217","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.159","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.91","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.31","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.8.10","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.19.314"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.4.276"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.10.217"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.15.159"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.1.91"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.6.31"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.8.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270"},{"url":"https://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214"},{"url":"https://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485"},{"url":"https://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4"},{"url":"https://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1"},{"url":"https://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4"},{"url":"https://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf"},{"url":"https://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f"},{"url":"https://www.openwall.com/lists/oss-security/2024/10/29/1"}],"title":"tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"references":[{"url":"https://github.com/cisagov/vulnrichment/issues/130"},{"url":"https://www.openwall.com/lists/oss-security/2024/11/12/4"},{"url":"https://alas.aws.amazon.com/cve/html/CVE-2024-36905.html"},{"url":"https://access.redhat.com/security/cve/cve-2024-36905"}],"affected":[{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1da177e4c3f4","status":"affected","lessThan":"34e41a031fd7","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1da177e4c3f4","status":"affected","lessThan":"ed5e279b69e0","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1da177e4c3f4","status":"affected","lessThan":"413c33b9f3bc","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"affected","versions":[{"version":"1da177e4c3f","status":"affected","lessThan":"2552c9d9440f","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1da177e4c3f4","status":"affected","lessThan":"3fe4ef0568a4","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1da177e4c3f4","status":"affected","lessThan":"f47d0d32fa94","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1da177e4c3f4","status":"affected","lessThan":"cbf232ba11bc","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1da177e4c3f4","status":"affected","lessThan":"94062790aedb","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.19.314","status":"unaffected","lessThan":"4.20","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5.10.217","status":"unaffected","lessThan":"5.11","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5.15.159","status":"unaffected","lessThan":"5.16","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.1.91","status":"unaffected","lessThan":"6.2","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.6.31","status":"unaffected","lessThan":"6.7","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.9","status":"unaffected"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"unaffected","lessThan":"2.6.12","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"2.6.12","status":"affected"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5.4.276","status":"unaffected","lessThan":"5.5","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.8.10","status":"unaffected","lessThan":"6.9","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-19T18:00:22.813648Z","id":"CVE-2024-36905","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-14T16:43:30.740Z"}},{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20240905-0005/"},{"url":"http://www.openwall.com/lists/oss-security/2024/10/29/1"},{"url":"http://www.openwall.com/lists/oss-security/2024/10/30/1"},{"url":"http://www.openwall.com/lists/oss-security/2024/11/12/4"},{"url":"http://www.openwall.com/lists/oss-security/2024/11/12/5"},{"url":"http://www.openwall.com/lists/oss-security/2024/11/12/6"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-11-12T19:02:41.493Z"}},{"x_adpType":"supplier","providerMetadata":{"orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP","dateUpdated":"2026-05-12T11:54:14.051Z"},"affected":[{"vendor":"Siemens","product":"RUGGEDCOM RST2428P","versions":[{"status":"affected","version":"0","lessThan":"V3.1","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family","versions":[{"status":"unaffected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SCALANCE XCM-/XRM-/XCH-/XRH-300 family","versions":[{"status":"affected","version":"0","lessThan":"V3.1","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.0","lessThan":"V3.1.5","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.0","lessThan":"V3.1.5","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.0","lessThan":"V3.1.5","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.0","lessThan":"V3.1.5","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.0","lessThan":"V3.1.5","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-398330.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-613116.html"}]}]},"dataVersion":"5.2"}