AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-36489: In the Linux kernel, the following vulnerability has been resolved: tls: fix missing memory barrier in tls_init In tls

mediumvulnerability

security

Source: NVD/CVE DatabaseJune 21, 2024CVE-2024-36489

Summary

A vulnerability in the Linux kernel's TLS (Transport Layer Security, the protocol that encrypts internet traffic) initialization code allowed a NULL dereference (trying to access memory that doesn't exist) because of missing synchronization between CPU cores. When two processors performed operations in an unexpected order, one processor could try to use an uninitialized pointer, crashing the system or causing security issues in functions like tls_setsockopt and tls_getsockopt.

Solution / Mitigation

The fix uses rcu_assign_pointer() (a special pointer assignment function that includes memory synchronization) moved to after ctx->sk_proto is fully initialized. This ensures that the pointer is visible to other CPU cores only after it has been properly set up, preventing the reordering problem that caused the NULL dereference.

Vulnerability Details

CVSS Score

5.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-476

Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-36489

First tracked: February 15, 2026 at 08:35 PM

Classified by LLM (prompt v3) · confidence: 95%