CVE-2024-46763: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46763 is a NULL pointer dereference vulnerability discovered in the Linux kernel's FOU (Foo-over-UDP) implementation. The vulnerability was identified in September 2024 and affects Linux kernel versions from 4.7 up to versions before 5.10.226, 5.15.167, 6.1.110, 6.6.51, and 6.10.10 (NVD).

The vulnerability occurs in the fougroreceive() function when shutting down a host. The NULL pointer dereference happens when accessing sk->skuserdata, specifically at offset 8 of the protocol in struct fou. When fourelease() is called due to netns dismantle or explicit tunnel teardown, udptunnelsockrelease() sets NULL to sk->skuserdata. After a single RCU grace period, the tunnel socket is destroyed, but in-flight udp4groreceive() could still find the socket and execute the FOU GRO handler where sk->skuserdata could be NULL. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a denial of service condition through a kernel NULL pointer dereference, potentially causing the system to crash when the FOU networking feature is being used during shutdown operations (NVD).

The vulnerability has been fixed by using rcudereferenceskuserdata() in foufromsock() and adding NULL checks in FOU GRO handlers. The fix has been implemented in multiple kernel versions through backported patches. Users should update to kernel versions 5.10.226, 5.15.167, 6.1.110, 6.6.51, 6.10.10 or later to address this vulnerability (Kernel Patch).