CVE-2024-53206

tcp: Fix use-after-free of nreq in reqsk_timer_handler().

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

tcp: Fix use-after-free of nreq in reqsk_timer_handler().

The cited commit replaced inet_csk_reqsk_queue_drop_and_put() with
__inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler().

Then, oreq should be passed to reqsk_put() instead of req; otherwise
use-after-free of nreq could happen when reqsk is migrated but the
retry attempt failed (e.g. due to timeout).

Let's pass oreq to reqsk_put().

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-11-19 CVE Reserved
2024-12-27 CVE Published
2024-12-27 CVE Updated
2024-12-28 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/8459d61fbf24967839a70235165673148c7c7f17	Vuln. Introduced
https://git.kernel.org/stable/c/5071beb59ee416e8ab456ac8647a4dabcda823b1	Vuln. Introduced
https://git.kernel.org/stable/c/997ae8da14f1639ce6fb66a063dab54031cd61b3	Vuln. Introduced
https://git.kernel.org/stable/c/51e34db64f4e43c7b055ccf881b7f3e0c31bb26d	Vuln. Introduced
https://git.kernel.org/stable/c/e8c526f2bdf1845bedaf6a478816a3d06fa78b8f	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/2dcc86fefe09ac853158afd96b60d544af115dc5	2024-12-14
https://git.kernel.org/stable/c/9a3c1ad93e6fba67b3a637cfa95a57a6685e4908	2024-12-14
https://git.kernel.org/stable/c/65ed89cad1f57034c256b016e89e8c0a4ec7c65b	2024-12-09
https://git.kernel.org/stable/c/d0eb14cb8c08b00c36a3d5dc57a6f428b301f721	2024-12-05
https://git.kernel.org/stable/c/6d845028609a4af0ad66f499ee0bd5789122b067	2024-12-05
https://git.kernel.org/stable/c/c31e72d021db2714df03df6c42855a1db592716c	2024-11-28

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.170 < 5.15.174 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.170 < 5.15.174"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.115 < 6.1.120 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.115 < 6.1.120"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.59 < 6.6.64 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.59 < 6.6.64"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11.6 < 6.11.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11.6 < 6.11.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.12 < 6.12.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.12 < 6.12.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.12 < 6.13-rc1 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.12 < 6.13-rc1"		en		Affected