CVE-2024-57903: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57903 is a vulnerability in the Linux kernel related to the SO_REUSEPORT socket option. The issue was discovered and disclosed in January 2025, affecting the Linux kernel's networking stack. The vulnerability involves crypto sockets being accidentally destroyed from RCU callbacks, which was identified when attempting to acquire a mutex in an invalid context (NVD, Kernel Commit).

The vulnerability occurs when crypto sockets could accidentally be destroyed from RCU callback, specifically when trying to acquire a mutex in RCU callback, which is not allowed. The issue was triggered in the kernel's networking stack when handling SOREUSEPORT socket options. The bug manifests as a sleeping function being called from an invalid context at kernel/locking/mutex.c:562, with preemptcount at 100 when it should be 0 (Kernel Commit).

The vulnerability could lead to system instability and potential crashes due to improper mutex handling in RCU callbacks. This particularly affects systems using crypto sockets with SO_REUSEPORT option enabled (NVD).

The issue has been patched by restricting the SOREUSEPORT socket option to inet sockets only. The fix was implemented in multiple kernel versions and backported to various stable trees. The patch adds additional checks to prevent non-inet sockets from using the SOREUSEPORT option (Kernel Commit, Debian Update).