CVE-2024-53206
tcp: Fix use-after-free of nreq in reqsk_timer_handler().
References
Notes
carnil> Introduced in e8c526f2bdf1 ("tcp/dccp: Don't use timer_pending() in
carnil> reqsk_queue_unlink()."). Vulnerable versions: 5.15.170 6.1.115 6.6.59 6.11.6
carnil> 6.12-rc4.
Bugs
Status
| Branch |
Status |
| upstream |
released (6.13-rc1) [c31e72d021db2714df03df6c42855a1db592716c]
|
| 6.18-upstream-stable |
N/A "Fixed before branching point"
|
| 6.17-upstream-stable |
N/A "Fixed before branching point"
|
| 6.12-upstream-stable |
released (6.12.2) [6d845028609a4af0ad66f499ee0bd5789122b067]
|
| 6.6-upstream-stable |
released (6.6.64) [65ed89cad1f57034c256b016e89e8c0a4ec7c65b]
|
| 6.1-upstream-stable |
released (6.1.120) [9a3c1ad93e6fba67b3a637cfa95a57a6685e4908]
|
| 5.10-upstream-stable |
needed
|
| sid |
released (6.12.3-1)
|
| 6.12-trixie-security |
N/A "Fixed before branching point"
|
| 6.1-bookworm-security |
released (6.1.123-1)
|
| 5.10-bullseye-security |
needed
|
