5.5

CVE-2024-26679

inet: read sk->sk_family once in inet_recv_error()

In the Linux kernel, the following vulnerability has been resolved:

inet: read sk->sk_family once in inet_recv_error()

inet_recv_error() is called without holding the socket lock.

IPv6 socket could mutate to IPv4 with IPV6_ADDRFORM
socket option and trigger a KCSAN warning.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.18 < 4.19.307
LinuxLinux Kernel Version >= 4.20 < 5.4.269
LinuxLinux Kernel Version >= 5.5 < 5.10.210
LinuxLinux Kernel Version >= 5.11 < 5.15.149
LinuxLinux Kernel Version >= 5.16 < 6.1.78
LinuxLinux Kernel Version >= 6.2 < 6.6.17
LinuxLinux Kernel Version >= 6.7 < 6.7.5
LinuxLinux Kernel Version6.8 Updaterc1
LinuxLinux Kernel Version6.8 Updaterc2
LinuxLinux Kernel Version6.8 Updaterc3
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.08
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Mailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Mailing List
https://git.kernel.org/stable/c/307fa8a75ab7423fa5c73573ec3d192de5027830
Patch
https://git.kernel.org/stable/c/3266e638ba5cc1165f5e6989eb8c0720f1cc4b41
Patch
https://git.kernel.org/stable/c/4a5e31bdd3c1702b520506d9cf8c41085f75c7f2
Patch
https://git.kernel.org/stable/c/54538752216bf89ee88d47ad07802063a498c299
Patch
https://git.kernel.org/stable/c/5993f121fbc01dc2d734f0ff2628009b258fb1dd
Patch
https://git.kernel.org/stable/c/88081ba415224cf413101def4343d660f56d082b
Patch
https://git.kernel.org/stable/c/caa064c3c2394d03e289ebd6b0be5102eb8a5b40
Patch
https://git.kernel.org/stable/c/eef00a82c568944f113f2de738156ac591bbd5cd
Patch