CVE-2024-44946: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-44946 is a use-after-free vulnerability in the Linux kernel's KCM (Kernel Connection Multiplexor) module. The vulnerability was discovered in August 2024 and affects Linux kernel versions from 4.6 up to (excluding) 6.1.107, 6.2 to 6.6.48, 6.7 to 6.10.7, and 6.11-rc1 through 6.11-rc4 (NVD).

The vulnerability occurs in the kcmsendmsg() function when multiple threads interact with the same socket. The issue arises in a race condition scenario where: 1) Thread A builds a skb with MSGMORE and sets kcm->seqskb, 2) Thread A gets blocked by skstreamwaitmemory(), 3) Thread B concurrently calls sendmsg(), completes building kcm->seqskb and puts it in the write queue, 4) Thread A encounters an error and frees the skb that's already in the write queue, leading to a double-free in kcmrelease() (Kernel Patch).

The vulnerability can lead to a use-after-free condition in the Linux kernel's KCM module, potentially resulting in system crashes or denial of service. The CVSS v3.1 base score is 5.5 (Medium), with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability has been fixed by adding a per-socket mutex (txmutex) to serialize kcmsendmsg() operations for the same socket. The fix ensures that when a thread is building a MSG_MORE skb, other threads cannot access it simultaneously. Users should update to patched kernel versions: 6.1.107 or later, 6.6.48 or later, or 6.10.7 or later (NVD).