CVE-2024-49952: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49952 affects the Linux kernel's netfilter subsystem, specifically the nf_tables component. The vulnerability was discovered by syzbot and involves unsafe writing to the per-CPU variable nf_skb_duplicated in the nf_dup_ipv4() and nf_dup_ipv6() functions. The issue affects Linux kernel versions from 4.3 up to versions before 6.11.3 (NVD).

The vulnerability stems from improper handling of the per-CPU variable nf_skb_duplicated in the netfilter subsystem. The bug occurs when nf_dup_ipv4() or nf_dup_ipv6() writes to this variable without proper synchronization. While disabling preemption was attempted as a fix, it proved insufficient - soft interrupts also needed to be disabled to prevent corruption. The issue has a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could lead to memory corruption in the kernel's network filtering subsystem. If exploited, it could cause a denial of service condition through system crashes. The impact is limited to local attacks and requires CAP_NET_ADMIN capability or root privileges to exploit (Red Hat).

The vulnerability has been fixed in the Linux kernel through patches that properly handle the per-CPU variable access by implementing local_bh_disable() and local_bh_enable() around the critical sections. The fix has been backported to multiple stable kernel versions. Users should update their kernel to a patched version (Kernel Patch).