CVE-2024-58053

rxrpc: Fix handling of received connection abort

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix handling of received connection abort Fix the handling of a connection abort that we've received. Though the
abort is at the connection level, it needs propagating to the calls on that
connection. Whilst the propagation bit is performed, the calls aren't then
woken up to go and process their termination, and as no further input is
forthcoming, they just hang. Also add some tracing for the logging of connection aborts.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rxrpc: Se ha corregido la gestión de la interrupción de la conexión recibida Se ha corregido la gestión de una interrupción de la conexión que hemos recibido. Aunque la interrupción se produce a nivel de conexión, es necesario propagarla a las llamadas de esa conexión. Mientras se realiza el bit de propagación, las llamadas no se activan para procesar su finalización y, como no se recibe ninguna otra entrada, simplemente se cuelgan. También se ha añadido algún seguimiento para el registro de las interrupciones de la conexión.

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix handling of received connection abort Fix the handling of a connection abort that we've received. Though the abort is at the connection level, it needs propagating to the calls on that connection. Whilst the propagation bit is performed, the calls aren't then woken up to go and process their termination, and as no further input is forthcoming, they just hang. Also add some tracing for the logging of connection aborts.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-03-06 CVE Reserved
2025-03-06 CVE Published
2025-03-06 CVE Updated
2025-03-07 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/248f219cb8bcbfbd7f132752d44afa2df7c241d1	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/9c6702260557c0183d8417c79a37777a3d3e58e8	2025-02-08
https://git.kernel.org/stable/c/5842ce7b120c65624052a8da04460d35b26caac0	2025-02-08
https://git.kernel.org/stable/c/96d1d927c4d03ee9dcee7640bca70b74e63504fc	2025-02-08
https://git.kernel.org/stable/c/0e56ebde245e4799ce74d38419426f2a80d39950	2024-12-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9 < 6.6.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9 < 6.6.76"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9 < 6.12.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9 < 6.12.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9 < 6.13.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9 < 6.13.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9 < 6.14-rc1 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9 < 6.14-rc1"		en		Affected