製品・ソフトウェアに関する情報

JVN脆弱性詳細

Debian等の複数ベンダの製品におけるゼロ除算に関する脆弱性

Title	Debian等の複数ベンダの製品におけるゼロ除算に関する脆弱性
Summary	LinuxカーネルにおけるTCPソケット管理の脆弱性が修正されました。本脆弱性は、TCP_SYN_RECV状態のソケットに対して誤ったシャットダウン処理（SEND_SHUTDOWN）が遅延されることで発生し、この状態のソケットが正常に初期化されないまま状態遷移し、最終的にゼロ除算によるクラッシュが引き起こされます。この問題は、tcp_shutdown()関数がTCP_SYN_RECVからTCP_FIN_WAIT1への不適切な状態遷移を行わないように修正することで解決しました。修正により、ソケットの状態管理が適切に行われ、攻撃者によるサービス拒否（DoS）攻撃のリスクが軽減されます。
Possible impacts	当該ソフトウェアが扱う情報について、外部への漏えいは発生しません。また、当該ソフトウェアが扱う情報について、書き換えは発生しません。さらに、当該ソフトウェアが完全に停止する可能性があります。そして、この脆弱性を悪用した攻撃の影響は、他のソフトウェアには及びません。
Solution	正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 30, 2024, midnight
Registration Date	Jan. 27, 2026, 5:30 p.m.
Last Update	Jan. 27, 2026, 5:30 p.m.

CVSS3.0 : 警告
Score	5.5
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected System

Debian

Debian GNU/Linux 10.0

Linux

Linux Kernel 2.6.12

Linux Kernel 2.6.12.1 以上 4.19.314 未満

Linux Kernel 4.20 以上 5.4.276 未満

Linux Kernel 5.11 以上 5.15.159 未満

Linux Kernel 5.16 以上 6.1.91 未満

Linux Kernel 5.5 以上 5.10.217 未満

Linux Kernel 6.2 以上 6.6.31 未満

Linux Kernel 6.7 以上 6.8.10 未満

Linux Kernel 6.9

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Amazon Linux Security Center
1	CVE-2024-36905	https://alas.aws.amazon.com/cve/html/CVE-2024-36905.html
Common Vulnerabilities and Exposures (CVE)
2	CVE-2024-36905	https://www.cve.org/CVERecord?id=CVE-2024-36905
National Vulnerability Database (NVD)
3	CVE-2024-36905	https://nvd.nist.gov/vuln/detail/CVE-2024-36905
Red Hat Customer Portal
4	CVE-2024-36905 - Red Hat Customer Portal	https://access.redhat.com/security/cve/cve-2024-36905
関連文書
5	CVE-2024-36905: need clarification why it is set as network attack vector Issue #130 cisagov/vulnrichment	https://github.com/cisagov/vulnrichment/issues/130

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-369	https://cwe.mitre.org/data/definitions/369.html

ベンダー情報

No	Name	URL
Debian Mailing Lists
1	[SECURITY] [DLA 3840-1] linux security update	https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
2	[SECURITY] [DLA 3843-1] linux-5.10 security update	https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
NetApp Advisory
3	NetApp Product Security	https://security.netapp.com/advisory/ntap-20240905-0005/

その他

Change Log

No	Changed Details	Date of change
1	[2026年01月27日] 掲載	Jan. 27, 2026, 5:30 p.m.

NVD Vulnerability Information

CVE-2024-36905

Summary	In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by zero in tcp_rcv_space_adjust() A socket makes the following state transitions, without ever calling tcp_init_transfer(), meaning tcp_init_buffer_space() is also not called. TCP_CLOSE connect() TCP_SYN_SENT TCP_SYN_RECV shutdown() -> tcp_shutdown(sk, SEND_SHUTDOWN) TCP_FIN_WAIT1 To fix this issue, change tcp_shutdown() to not perform a TCP_SYN_RECV -> TCP_FIN_WAIT1 transition, which makes no sense anyway. When tcp_rcv_state_process() later changes socket state from TCP_SYN_RECV to TCP_ESTABLISH, then look at sk->sk_shutdown to finally enter TCP_FIN_WAIT1 state, and send a FIN packet from a sane socket state. This means tcp_send_fin() can now be called from BH context, and must use GFP_ATOMIC allocations. [1] divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 1 PID: 5084 Comm: syz-executor358 Not tainted 6.9.0-rc6-syzkaller-00022-g98369dccd2f8 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:tcp_rcv_space_adjust+0x2df/0x890 net/ipv4/tcp_input.c:767 Code: e3 04 4c 01 eb 48 8b 44 24 38 0f b6 04 10 84 c0 49 89 d5 0f 85 a5 03 00 00 41 8b 8e c8 09 00 00 89 e8 29 c8 48 0f af c3 31 d2 <48> f7 f1 48 8d 1c 43 49 8d 96 76 08 00 00 48 89 d0 48 c1 e8 03 48 RSP: 0018:ffffc900031ef3f0 EFLAGS: 00010246 RAX: 0c677a10441f8f42 RBX: 000000004fb95e7e RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000027d4b11f R08: ffffffff89e535a4 R09: 1ffffffff25e6ab7 R10: dffffc0000000000 R11: ffffffff8135e920 R12: ffff88802a9f8d30 R13: dffffc0000000000 R14: ffff88802a9f8d00 R15: 1ffff1100553f2da FS: 00005555775c0380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1155bf2304 CR3: 000000002b9f2000 CR4: 0000000000350ef0 Call Trace: <TASK> tcp_recvmsg_locked+0x106d/0x25a0 net/ipv4/tcp.c:2513 tcp_recvmsg+0x25d/0x920 net/ipv4/tcp.c:2578 inet6_recvmsg+0x16a/0x730 net/ipv6/af_inet6.c:680 sock_recvmsg_nosec net/socket.c:1046 [inline] sock_recvmsg+0x109/0x280 net/socket.c:1068 ____sys_recvmsg+0x1db/0x470 net/socket.c:2803 ___sys_recvmsg net/socket.c:2845 [inline] do_recvmmsg+0x474/0xae0 net/socket.c:2939 __sys_recvmmsg net/socket.c:3018 [inline] __do_sys_recvmmsg net/socket.c:3041 [inline] __se_sys_recvmmsg net/socket.c:3034 [inline] __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3034 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7faeb6363db9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffcc1997168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faeb6363db9 RDX: 0000000000000001 RSI: 0000000020000bc0 RDI: 0000000000000005 RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000001c R10: 0000000000000122 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
Publication Date	May 31, 2024, 1:15 a.m.
Registration Date	May 31, 2024, 10 a.m.
Last Update	Nov. 21, 2024, 6:22 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.openwall.com/lists/oss-security/2024/10/29/1
2	http://www.openwall.com/lists/oss-security/2024/10/30/1
3	http://www.openwall.com/lists/oss-security/2024/11/12/4
4	http://www.openwall.com/lists/oss-security/2024/11/12/5
5	http://www.openwall.com/lists/oss-security/2024/11/12/6
6	https://access.redhat.com/security/cve/cve-2024-36905
7	https://alas.aws.amazon.com/cve/html/CVE-2024-36905.html
8	https://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4
9	https://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4
10	https://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270
11	https://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270
12	https://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1
13	https://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1
14	https://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485
15	https://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485
16	https://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f
17	https://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f
18	https://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf
19	https://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf
20	https://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214
21	https://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214
22	https://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4
23	https://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4
24	https://github.com/cisagov/vulnrichment/issues/130
25	https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
26	https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
27	https://security.netapp.com/advisory/ntap-20240905-0005/
28	https://www.openwall.com/lists/oss-security/2024/10/29/1
29	https://www.openwall.com/lists/oss-security/2024/11/12/4

Common Vulnerabilities List

No	Name	URL
関連文書
1	oss-security - CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets (http://www.openwall.com/lists/oss-security/2024/10/29/1)	http://www.openwall.com/lists/oss-security/2024/10/29/1
2	oss-security - CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets (https://www.openwall.com/lists/oss-security/2024/10/29/1)	https://www.openwall.com/lists/oss-security/2024/10/29/1
3	oss-security - RE: CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets	http://www.openwall.com/lists/oss-security/2024/11/12/6
4	oss-security - Re: CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets (http://www.openwall.com/lists/oss-security/2024/10/30/1)	http://www.openwall.com/lists/oss-security/2024/10/30/1
5	oss-security - Re: CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets (http://www.openwall.com/lists/oss-security/2024/11/12/4)	http://www.openwall.com/lists/oss-security/2024/11/12/4
6	oss-security - Re: CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets (http://www.openwall.com/lists/oss-security/2024/11/12/5)	http://www.openwall.com/lists/oss-security/2024/11/12/5
7	oss-security - Re: CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets (https://www.openwall.com/lists/oss-security/2024/11/12/4)	https://www.openwall.com/lists/oss-security/2024/11/12/4
8	tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4)	https://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4
9	tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270)	https://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270
10	tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1)	https://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1
11	tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485)	https://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485
12	tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f)	https://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f
13	tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf)	https://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf
14	tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214)	https://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214
15	tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4)	https://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4