Security tracker / CVE-2024-53168

CVE-2024-53168

sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 26abe14379f8 ("net: Modify sk_alloc to not reference count the
 carnil> netns of kernel sockets."). Vulnerable versions: 4.2-rc1.

Bugs

Status

Branch	Status
upstream	released (6.13-rc1) [3f23f96528e8fcf8619895c4c916c52653892ec1]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.12-upstream-stable	released (6.12.2) [61c0a5eac96836de5e3a5897eccdc63162a94936]
6.6-upstream-stable	released (6.6.64) [0ca87e5063757132a044d35baba40a7d4bb25394]
6.1-upstream-stable	needed
5.10-upstream-stable	needed
sid	released (6.12.3-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	needed
5.10-bullseye-security	needed