Bug 2297909 (CVE-2024-41007)
| Summary: | CVE-2024-41007 kernel: tcp: avoid too many retransmit packets | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | dfreiber, drow, jburrell, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kernel 6.10 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A vulnerability was found in the tcp_retransmit_timer function in the Linux kernel's TCP implementation. This issue occurs when a TCP socket uses TCP_USER_TIMEOUT and the peer's window retracts to zero, leading to excessive retransmission of packets every two milliseconds for up to four minutes after the timeout, which can result in network congestion and performance degradation.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:7001 https://access.redhat.com/errata/RHSA-2024:7001 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:7000 https://access.redhat.com/errata/RHSA-2024:7000 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:9315 https://access.redhat.com/errata/RHSA-2024:9315 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2024:10771 https://access.redhat.com/errata/RHSA-2024:10771 |
In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before blamed commit, the socket would not timeout after icsk->icsk_user_timeout, but would use standard exponential backoff for the retransmits. Also worth noting that before commit e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0"), the issue would last 2 minutes instead of 4.