CVE-2024-53206

Jan. 14, 2025, 5:20 p.m.

7.8
High

Description

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in reqsk_timer_handler(). The cited commit replaced inet_csk_reqsk_queue_drop_and_put() with __inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler(). Then, oreq should be passed to reqsk_put() instead of req; otherwise use-after-free of nreq could happen when reqsk is migrated but the retry attempt failed (e.g. due to timeout). Let's pass oreq to reqsk_put().

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-416
Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/2dcc86fefe09ac853158afd96b60d544af115dc5
https://git.kernel.org/stable/c/65ed89cad1f57034c256b016e89e8c0a4ec7c65b
https://git.kernel.org/stable/c/6d845028609a4af0ad66f499ee0bd5789122b067
https://git.kernel.org/stable/c/9a3c1ad93e6fba67b3a637cfa95a57a6685e4908
https://git.kernel.org/stable/c/c31e72d021db2714df03df6c42855a1db592716c
https://git.kernel.org/stable/c/d0eb14cb8c08b00c36a3d5dc57a6f428b301f721

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-416
2024-12-27
CVE-2024-53206

CVSS Score

7.8 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Dec. 27, 2024, 2:15 p.m.
Last Modified: Jan. 14, 2025, 5:20 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.