Security tracker / CVE-2024-26677

CVE-2024-26677

rxrpc: Fix delayed ACKs to not set the reference serial number

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use
 carnil> by userspace and kernel both"). Vulnerable versions: 2.6.22-rc1.

Bugs

Status

Branch	Status
upstream	released (6.8-rc4) [e7870cf13d20f56bfc19f9c3e89707c69cf104ef]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.12-upstream-stable	N/A "Fixed before branching point"
6.7-upstream-stable	released (6.7.5) [63719f490e6a89896e9a463d2b45e8203eab23ae]
6.6-upstream-stable	released (6.6.17) [200cb50b9e154434470c8969d32474d38475acc2]
6.1-upstream-stable	needed
5.10-upstream-stable	needed
sid	released (6.7.7-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	needed
5.10-bullseye-security	needed