5.5

CVE-2024-26677

rxrpc: Fix delayed ACKs to not set the reference serial number

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix delayed ACKs to not set the reference serial number

Fix the construction of delayed ACKs to not set the reference serial number
as they can't be used as an RTT reference.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.22 < 6.6.17
LinuxLinux Kernel Version >= 6.7 < 6.7.5
LinuxLinux Kernel Version6.8 Updaterc1
LinuxLinux Kernel Version6.8 Updaterc2
LinuxLinux Kernel Version6.8 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.15
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/200cb50b9e154434470c8969d32474d38475acc2
Patch
https://git.kernel.org/stable/c/63719f490e6a89896e9a463d2b45e8203eab23ae
Patch
https://git.kernel.org/stable/c/e7870cf13d20f56bfc19f9c3e89707c69cf104ef
Patch