Description

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in reqsk_timer_handler(). The cited commit replaced inet_csk_reqsk_queue_drop_and_put() with __inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler(). Then, oreq should be passed to reqsk_put() instead of req; otherwise use-after-free of nreq could happen when reqsk is migrated but the retry attempt failed (e.g. due to timeout). Let's pass oreq to reqsk_put().

INFO

Published Date :

2024-12-27T13:49:52.131Z

Last Modified :

2025-11-03T20:47:34.185Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-53206 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-53206.

URL Resource
https://git.kernel.org/stable/c/2dcc86fefe09ac853158afd96b60d544af115dc5 cve-icon cve-icon
https://git.kernel.org/stable/c/65ed89cad1f57034c256b016e89e8c0a4ec7c65b cve-icon cve-icon
https://git.kernel.org/stable/c/6d845028609a4af0ad66f499ee0bd5789122b067 cve-icon cve-icon
https://git.kernel.org/stable/c/9a3c1ad93e6fba67b3a637cfa95a57a6685e4908 cve-icon cve-icon
https://git.kernel.org/stable/c/c31e72d021db2714df03df6c42855a1db592716c cve-icon cve-icon
https://git.kernel.org/stable/c/d0eb14cb8c08b00c36a3d5dc57a6f428b301f721 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024122728-CVE-2024-53206-d85d@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-53206 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-53206 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact