CVE-2024-41048: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-41048 is a vulnerability in the Linux kernel's socket message handling system, specifically in the skmsgrecvmsg() function. The vulnerability was discovered when running BPF selftests on a Loongarch platform, where a NULL pointer dereference could occur when processing zero-length socket buffer (skb) messages (NVD).

The vulnerability occurs when a NULL pointer is passed to pageaddress() in the skmsgrecvmsg() function. The issue arises when processing a zero-length skb (TCP FIN packet) that was queued through skpsockskbingressenqueue(). In this case, no page is assigned to the scatter-gather element (sge), but the empty sge is still queued into the ingressmsg list. When skmsgrecvmsg() processes this sge, it retrieves a NULL page via sgpage(sge), which is then passed to copypagetoiter(), leading to a kernel panic on Loongarch platforms due to architectural differences in NULL pointer handling (Kernel Patch).

The vulnerability can lead to a kernel panic (system crash) on affected systems, particularly on Loongarch platforms. While the issue remained hidden on x86 platforms due to different architectural implementations of page_address(), it poses a significant denial of service risk on Loongarch systems (NVD).

The issue has been fixed in the Linux kernel by modifying skmsgrecvmsg() to skip the copypageto_iter() call when processing zero-length skbs. The fix involves checking if the copy length is zero before attempting to copy the page data (Kernel Patch).