[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-57974":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":29,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":78,"related":79,"reserved_at":9,"published_at":92,"modified_at":93,"state":94,"summary":95,"references_raw":104,"kevs":119,"epss":120,"epss_history":123,"metrics":391,"affected":397},"CVE-2024-57974","In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Deal with race between UDP socket address change and rehash\n\nIf a UDP socket changes its local address while it's receiving\ndatagrams, as a result of connect(), there is a period during which\na lookup operation might fail to find it, after the address is changed\nbut before the secondary hash (port and address) and the four-tuple\nhash (local and remote ports and addresses) are updated.\n\nSecondary hash chains were introduced by commit 30fff9231fad (\"udp:\nbind() optimisation\") and, as a result, a rehash operation became\nneeded to make a bound socket reachable again after a connect().\n\nThis operation was introduced by commit 719f835853a9 (\"udp: add\nrehash on connect()\") which isn't however a complete fix: the\nsocket will be found once the rehashing completes, but not while\nit's pending.\n\nThis is noticeable with a socat(1) server in UDP4-LISTEN mode, and a\nclient sending datagrams to it. After the server receives the first\ndatagram (cf. 
_xioopen_ipdgram_listen()), it issues a connect() to\nthe address of the sender, in order to set up a directed flow.\n\nNow, if the client, running on a different CPU thread, happens to\nsend a (subsequent) datagram while the server's socket changes its\naddress, but is not rehashed yet, this will result in a failed\nlookup and a port unreachable error delivered to the client, as\napparent from the following reproducer:\n\n  LEN=$(($(cat /proc/sys/net/core/wmem_default) / 4))\n  dd if=/dev/urandom bs=1 count=${LEN} of=tmp.in\n\n  while :; do\n  \ttaskset -c 1 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc &\n  \tsleep 0.1 || sleep 1\n  \ttaskset -c 2 socat OPEN:tmp.in UDP4:localhost:1337,shut-null\n  \twait\n  done\n\nwhere the client will eventually get ECONNREFUSED on a write()\n(typically the second or third one of a given iteration):\n\n  2024/11/13 21:28:23 socat[46901] E write(6, 0x556db2e3c000, 8192): Connection refused\n\nThis issue was first observed as a seldom failure in Podman's tests\nchecking UDP functionality while using pasta(1) to connect the\ncontainer's network namespace, which leads us to a reproducer with\nthe lookup error resulting in an ICMP packet on a tap device:\n\n  LOCAL_ADDR=\"$(ip -j -4 addr show|jq -rM '.[] | .addr_info[0] | select(.scope == \"global\").local')\"\n\n  while :; do\n  \t./pasta --config-net -p pasta.pcap -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc &\n  \tsleep 0.2 || sleep 1\n  \tsocat OPEN:tmp.in UDP4:${LOCAL_ADDR}:1337,shut-null\n  \twait\n  \tcmp tmp.in tmp.out\n  done\n\nOnce this fails:\n\n  tmp.in tmp.out differ: char 8193, line 29\n\nwe can finally have a look at what's going on:\n\n  $ tshark -r pasta.pcap\n      1   0.000000           :: → ff02::16     ICMPv6 110 Multicast Listener Report Message v2\n      2   0.168690 88.198.0.161 → 88.198.0.164 UDP 8234 60260 → 1337 Len=8192\n      3   0.168767 88.198.0.161 → 88.198.0.164 UDP 8234 60260 → 
1337 Len=8192\n      4   0.168806 88.198.0.161 → 88.198.0.164 UDP 8234 60260 → 1337 Len=8192\n      5   0.168827 c6:47:05:8d:dc:04 → Broadcast    ARP 42 Who has 88.198.0.161? Tell 88.198.0.164\n      6   0.168851 9a:55:9a:55:9a:55 → c6:47:05:8d:dc:04 ARP 42 88.198.0.161 is at 9a:55:9a:55:9a:55\n      7   0.168875 88.198.0.161 → 88.198.0.164 UDP 8234 60260 → 1337 Len=8192\n      8   0.168896 88.198.0.164 → 88.198.0.161 ICMP 590 Destination unreachable (Port unreachable)\n      9   0.168926 88.198.0.161 → 88.198.0.164 UDP 8234 60260 → 1337 Len=8192\n     10   0.168959 88.198.0.161 → 88.198.0.164 UDP 8234 60260 → 1337 Len=8192\n     11   0.168989 88.198.0.161 → 88.198.0.164 UDP 4138 60260 → 1337 Len=4096\n     12   0.169010 88.198.0.161 → 88.198.0.164 UDP 42 60260 → 1337 Len=0\n\nOn the third datagram received, the network namespace of the container\ninitiates an ARP lookup to deliver the ICMP message.\n\nIn another variant of this reproducer, starting the client with:\n\n  strace -f pasta --config-net -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,tru\n---truncated---",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-362","Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.","weakness","Draft","Class","Medium",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-26","Leveraging Race Conditions",[],{"id":25,"name":26,"techniques":27},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race 
Conditions",[],[],[],[],[32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76],{"_key":33},"SUSE-SU-2025:01919-1",{"_key":35},"SUSE-SU-2025:01951-1",{"_key":37},"SUSE-SU-2025:01967-1",{"_key":39},"SUSE-SU-2025:1177-1",{"_key":41},"SUSE-SU-2025:1178-1",{"_key":43},"SUSE-SU-2025:1180-1",{"_key":45},"SUSE-SU-2025:20190-1",{"_key":47},"SUSE-SU-2025:20192-1",{"_key":49},"SUSE-SU-2025:20260-1",{"_key":51},"SUSE-SU-2025:20270-1",{"_key":53},"DEBIAN-CVE-2024-57974",{"_key":55},"UBUNTU-CVE-2024-57974",{"_key":57},"USN-7521-1",{"_key":59},"USN-7521-3",{"_key":61},"USN-7651-1",{"_key":63},"USN-7651-2",{"_key":65},"USN-7651-3",{"_key":67},"USN-7651-4",{"_key":69},"USN-7651-5",{"_key":71},"USN-7651-6",{"_key":73},"USN-7652-1",{"_key":75},"USN-7653-1",{"_key":77},"USN-7737-1",[],[80,81,82,83,85,86,87,88,89,90,91],{"_key":33},{"_key":35},{"_key":37},{"_key":84},"USN-7521-2",{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},"2025-02-27T02:07:02.973Z","2026-05-11T21:01:21.786Z","Analyzed",{"cisa_kev":96,"cisa_ransomware":96,"cisa_vendor":9,"epss_severity":97,"epss_score":98,"severity":99,"severity_score":100,"severity_version":101,"severity_source":102,"severity_vector":103,"severity_status":94},false,"low",0.00008,"medium",4.7,"v3.1","nvd","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",[105,111,115],{"url":106,"sources":107,"tags":109},"https://git.kernel.org/stable/c/4f8344fce91c5766d368edb0ad80142eacd805c7",[108,102],"cve.org",[110],"Patch",{"url":112,"sources":113,"tags":114},"https://git.kernel.org/stable/c/d65d3bf309b2649d27b24efd0d8784da2d81f2a6",[108,102],[110],{"url":116,"sources":117,"tags":118},"https://git.kernel.org/stable/c/a502ea6fa94b1f7be72a24bcf9e3f5f6b7e6e90c",[108,102],[110],[],{"date":121,"score":98,"percentile":122},"2026-06-04",0.00749,[124,128,131,134,137,140,143,146,149,152,156,159,162,165,168,172,175,178,181,184,188,191,194,197,200,202,205,208,211,214,217,220,223,226,229,232,235,238,241,244,247,250,253,256,2
59,262,265,267,270,273,276,280,283,286,289,292,295,298,301,304,307,310,313,316,319,322,325,327,330,333,336,339,342,345,348,351,353,356,358,361,364,367,369,372,375,377,380,383,385,388],{"date":125,"score":126,"percentile":127},"2025-11-04",0.00018,0.03383,{"date":129,"score":126,"percentile":130},"2025-11-05",0.03405,{"date":132,"score":126,"percentile":133},"2025-11-06",0.03438,{"date":135,"score":126,"percentile":136},"2025-11-07",0.03441,{"date":138,"score":126,"percentile":139},"2025-11-08",0.03443,{"date":141,"score":126,"percentile":142},"2025-11-09",0.03449,{"date":144,"score":126,"percentile":145},"2025-11-10",0.03432,{"date":147,"score":126,"percentile":148},"2025-11-11",0.03461,{"date":150,"score":126,"percentile":151},"2025-11-12",0.0347,{"date":153,"score":154,"percentile":155},"2025-11-13",0.00019,0.03871,{"date":157,"score":154,"percentile":158},"2025-11-14",0.03879,{"date":160,"score":154,"percentile":161},"2025-11-15",0.03915,{"date":163,"score":154,"percentile":164},"2025-11-16",0.03914,{"date":166,"score":154,"percentile":167},"2025-11-17",0.039,{"date":169,"score":170,"percentile":171},"2025-11-18",0.00036,0.06141,{"date":173,"score":170,"percentile":174},"2025-11-19",0.06155,{"date":176,"score":170,"percentile":177},"2025-11-20",0.06191,{"date":179,"score":154,"percentile":180},"2025-11-21",0.04002,{"date":182,"score":154,"percentile":183},"2025-11-22",0.04003,{"date":185,"score":186,"percentile":187},"2025-11-23",0.00022,0.04637,{"date":189,"score":186,"percentile":190},"2025-11-24",0.0461,{"date":192,"score":186,"percentile":193},"2025-11-25",0.0462,{"date":195,"score":186,"percentile":196},"2025-11-26",0.04665,{"date":198,"score":186,"percentile":199},"2025-11-27",0.04677,{"date":201,"score":186,"percentile":196},"2025-11-28",{"date":203,"score":186,"percentile":204},"2025-11-29",0.04723,{"date":206,"score":186,"percentile":207},"2025-11-30",0.04728,{"date":209,"score":186,"percentile":210},"2025-12-01",0.04825,{"date":212,"score":186,"percenti
le":213},"2025-12-02",0.04838,{"date":215,"score":186,"percentile":216},"2025-12-03",0.04864,{"date":218,"score":186,"percentile":219},"2025-12-04",0.0481,{"date":221,"score":186,"percentile":222},"2025-12-05",0.04884,{"date":224,"score":186,"percentile":225},"2025-12-06",0.049,{"date":227,"score":186,"percentile":228},"2025-12-07",0.04901,{"date":230,"score":186,"percentile":231},"2025-12-08",0.04903,{"date":233,"score":186,"percentile":234},"2025-12-09",0.04945,{"date":236,"score":186,"percentile":237},"2025-12-10",0.05002,{"date":239,"score":186,"percentile":240},"2025-12-11",0.04985,{"date":242,"score":186,"percentile":243},"2025-12-12",0.05001,{"date":245,"score":186,"percentile":246},"2025-12-13",0.05038,{"date":248,"score":186,"percentile":249},"2025-12-14",0.05045,{"date":251,"score":186,"percentile":252},"2025-12-15",0.05004,{"date":254,"score":186,"percentile":255},"2025-12-16",0.05003,{"date":257,"score":186,"percentile":258},"2025-12-17",0.05063,{"date":260,"score":186,"percentile":261},"2025-12-18",0.05102,{"date":263,"score":186,"percentile":264},"2025-12-19",0.05082,{"date":266,"score":186,"percentile":264},"2025-12-20",{"date":268,"score":186,"percentile":269},"2025-12-21",0.05092,{"date":271,"score":186,"percentile":272},"2025-12-22",0.05024,{"date":274,"score":186,"percentile":275},"2025-12-23",0.05031,{"date":277,"score":278,"percentile":279},"2025-12-24",0.00023,0.05406,{"date":281,"score":278,"percentile":282},"2025-12-25",0.0544,{"date":284,"score":278,"percentile":285},"2025-12-26",0.05443,{"date":287,"score":278,"percentile":288},"2025-12-27",0.05439,{"date":290,"score":278,"percentile":291},"2025-12-28",0.05433,{"date":293,"score":278,"percentile":294},"2025-12-29",0.05427,{"date":296,"score":278,"percentile":297},"2025-12-30",0.05387,{"date":299,"score":278,"percentile":300},"2025-12-31",0.0542,{"date":302,"score":278,"percentile":303},"2026-01-01",0.05502,{"date":305,"score":278,"percentile":306},"2026-01-02",0.05497,{"date":308,"score":27
8,"percentile":309},"2026-01-03",0.05459,{"date":311,"score":278,"percentile":312},"2026-01-04",0.05358,{"date":314,"score":278,"percentile":315},"2026-01-05",0.05309,{"date":317,"score":278,"percentile":318},"2026-01-06",0.05307,{"date":320,"score":278,"percentile":321},"2026-01-07",0.05327,{"date":323,"score":278,"percentile":324},"2026-01-08",0.05386,{"date":326,"score":278,"percentile":324},"2026-01-09",{"date":328,"score":278,"percentile":329},"2026-01-10",0.05392,{"date":331,"score":278,"percentile":332},"2026-01-11",0.05375,{"date":334,"score":278,"percentile":335},"2026-01-12",0.05374,{"date":337,"score":278,"percentile":338},"2026-01-13",0.05364,{"date":340,"score":278,"percentile":341},"2026-01-14",0.05409,{"date":343,"score":278,"percentile":344},"2026-01-15",0.05389,{"date":346,"score":278,"percentile":347},"2026-01-16",0.05394,{"date":349,"score":278,"percentile":350},"2026-01-17",0.05401,{"date":352,"score":278,"percentile":329},"2026-01-18",{"date":354,"score":278,"percentile":355},"2026-01-19",0.0535,{"date":357,"score":278,"percentile":318},"2026-01-20",{"date":359,"score":278,"percentile":360},"2026-01-21",0.05305,{"date":362,"score":278,"percentile":363},"2026-01-22",0.05287,{"date":365,"score":278,"percentile":366},"2026-01-23",0.05344,{"date":368,"score":278,"percentile":297},"2026-01-24",{"date":370,"score":278,"percentile":371},"2026-01-25",0.05332,{"date":373,"score":278,"percentile":374},"2026-01-26",0.05308,{"date":376,"score":278,"percentile":363},"2026-01-27",{"date":378,"score":278,"percentile":379},"2026-01-28",0.05272,{"date":381,"score":278,"percentile":382},"2026-01-29",0.05284,{"date":384,"score":278,"percentile":363},"2026-01-30",{"date":386,"score":278,"percentile":387},"2026-01-31",0.0528,{"date":389,"score":278,"percentile":390},"2026-02-01",0.05361,[392],{"source":102,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":393,"cvss_v4_0":9},{"baseScore":100,"baseSeverity":394,"vectorString":103,"impactScore":395,"exploitabilityScore":396},"ME
DIUM",6,2.6,[398,418],{"ecosystem":9,"name":399,"vendor":400,"product":400,"cpe_part":401,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":402},"Linux","linux","a",[403,410,413,416],{"version":404,"is_range":405,"range_type":108,"version_start":406,"version_start_type":407,"version_end":408,"version_end_type":409,"fixed_in":9},">= 30fff9231fad757c061285e347b33c5149c2c2e4, \u003C 4f8344fce91c5766d368edb0ad80142eacd805c7",true,"30fff9231fad757c061285e347b33c5149c2c2e4","including","4f8344fce91c5766d368edb0ad80142eacd805c7","excluding",{"version":411,"is_range":405,"range_type":108,"version_start":406,"version_start_type":407,"version_end":412,"version_end_type":409,"fixed_in":9},">= 30fff9231fad757c061285e347b33c5149c2c2e4, \u003C d65d3bf309b2649d27b24efd0d8784da2d81f2a6","d65d3bf309b2649d27b24efd0d8784da2d81f2a6",{"version":414,"is_range":405,"range_type":108,"version_start":406,"version_start_type":407,"version_end":415,"version_end_type":409,"fixed_in":9},">= 30fff9231fad757c061285e347b33c5149c2c2e4, \u003C a502ea6fa94b1f7be72a24bcf9e3f5f6b7e6e90c","a502ea6fa94b1f7be72a24bcf9e3f5f6b7e6e90c",{"version":417,"is_range":96,"range_type":108,"version_start":417,"version_start_type":407,"version_end":417,"version_end_type":407,"fixed_in":9},"2.6.33",{"ecosystem":9,"name":419,"vendor":400,"product":420,"cpe_part":421,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":422},"linux kernel","linux_kernel","o",[423,427],{"version":424,"is_range":405,"range_type":425,"version_start":417,"version_start_type":407,"version_end":426,"version_end_type":409,"fixed_in":9},"gte2.6.33_lt6.12.13","cpe","6.12.13",{"version":428,"is_range":405,"range_type":425,"version_start":429,"version_start_type":407,"version_end":430,"version_end_type":409,"fixed_in":9},"gte6.13_lt6.13.2","6.13","6.13.2"]