Security tracker / CVE-2024-53091

CVE-2024-53091

bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 634f1a7110b4 ("vsock: support sockmap")
 carnil> 94531cfcbe79 ("af_unix: Add unix_stream_proto for sockmap"). Vulnerable
 carnil> versions: 5.15-rc1.

Bugs

Status

Branch	Status
upstream	released (6.12) [44d0469f79bd3d0b3433732877358df7dc6b17b1]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.12-upstream-stable	N/A "Fixed before branching point"
6.11-upstream-stable	released (6.11.9) [6781cfa93a6a1b7f5be6819a5a2dd8f30f47ca26]
6.6-upstream-stable	released (6.6.62) [a078a480ff3f43d74d8a024ae10c3c7daf6db149]
6.1-upstream-stable	needed
5.10-upstream-stable	N/A "Vulnerable code not present"
4.19-upstream-stable	N/A "Vulnerable code not present"
sid	released (6.11.9-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	needed
5.10-bullseye-security	N/A "Vulnerable code not present"