CVE-2024-47709: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47709 affects the Linux kernel's CAN (Controller Area Network) BCM (Broadcast Manager) subsystem. The vulnerability was discovered when syzbot reported a warning in bcm_release() function. The issue occurs when a socket is closed without a second connect() after its connected device has been unregistered, causing an unnecessary remove_proc_entry() call due to remaining bo->bcm_proc_read (Kernel Patch).

The vulnerability stems from a race condition in the Linux kernel's CAN BCM implementation. When a device is unregistered, the bcm_notify() function removes the proc entry but previously didn't clear the bo->bcm_proc_read pointer. This could lead to an unnecessary remove_proc_entry() call in bcm_release() when the socket is closed. The issue has a CVSS v3.1 Base Score of 5.5 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can cause a denial of service condition through a system crash when the affected code path is triggered. The impact is limited to local systems where an attacker has the ability to interact with the CAN subsystem (NVD).

The vulnerability has been fixed in multiple Linux kernel versions including 5.10.226, 5.15.167, 6.1.110-6.1.113, and 6.6.51-6.6.54. The fix involves clearing bo->bcm_proc_read after remove_proc_entry() in bcm_notify() (Ubuntu Notice).