CVE-2024-41007

tcp: avoid too many retransmit packets

Description

In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before blamed commit, the socket would not timeout after icsk->icsk_user_timeout, but would use standard exponential backoff for the retransmits. Also worth noting that before commit e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0"), the issue would last 2 minutes instead of 4.

3.3
CVSS
Severity: Low
CVSS 3.1 •
EPSS 0.07%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/7bb7670f92bfbd05fc41a8f9a8f358b7ffed65f4 patch
https://git.kernel.org/stable/c/d2346fca5bed130dc712f276ac63450201d52969 patch
https://git.kernel.org/stable/c/5d7e64d70a11d988553a08239c810a658e841982 patch
https://git.kernel.org/stable/c/04317a2471c2f637b4c49cbd0e9c0d04a519f570 patch
https://git.kernel.org/stable/c/e113cddefa27bbf5a79f72387b8fbd432a61a466 patch
https://git.kernel.org/stable/c/dfcdd7f89e401d2c6616be90c76c2fac3fa98fde patch
https://git.kernel.org/stable/c/66cb64a1d2239cd0309f9b5038b05462570a5be1 patch
https://git.kernel.org/stable/c/97a9063518f198ec0adb2ecb89789de342bb8283 patch

Frequently Asked Questions

What is the severity of CVE-2024-41007?
CVE-2024-41007 has been scored as a low severity vulnerability.
How to fix CVE-2024-41007?
To fix CVE-2024-41007, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-41007 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-41007 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-41007?
CVE-2024-41007 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.