CVE-2024-36489: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-36489 is a vulnerability in the Linux kernel's TLS (Transport Layer Security) implementation. The issue was discovered in the tls_init() function where a missing write memory barrier could lead to store-store reordering, potentially causing NULL dereference in tls_{setsockopt,getsockopt} functions (Kernel Git).

The vulnerability stems from a race condition in the TLS initialization process. When store-store reordering occurs between ctx->sk_proto initialization and sk->sk_prot update, it can result in a NULL dereference. The issue specifically manifests in a scenario where CPU operations can be reordered: ctx->sk_proto = READ_ONCE(sk->sk_prot) can be reordered with WRITE_ONCE(sk->sk_prot, tls_prots), potentially leading to ctx->sk_proto->setsockopt() accessing a NULL value (Kernel Git).

The vulnerability can lead to NULL pointer dereference in the Linux kernel's TLS implementation, potentially causing system crashes or denial of service conditions (NVD).

The fix involves using rcu_assign_pointer() which provides release barrier semantics. The patch moves the rcu_assign_pointer() call after ctx->sk_proto initialization to ensure proper ordering of operations. This ensures that ctx->sk_proto is visible before changing sk->sk_prot in update_sk_prot() (Kernel Git).