Linux · Linux Kernel · CVE-2022-49372
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 5.16.12-1~bpo11+1
**Description**
A vulnerability in the Linux kernel has been resolved. The issue occurs when a new passive FastOpen TCP socket is created and a socket operation goes through a specific sequence of events, ultimately leading to `tcp_rtx_synack()` being called in process context. This is a problem because `tcp_rtx_synack()` was previously always called from a BH handler, in a timer handler, and never from a preemptible context. The vulnerability can be triggered when the kernel is built with `CONFIG_DEBUG_PREEMPT=y`. The estimated number of potentially affected devices is not specified.
**Recommendations**
For Linux kernel versions prior to 5.16.12-1~bpo11+1, update to a newer version that includes the fix, which uses `TCP_INC_STATS()` and `NET_INC_STATS()` to avoid assuming the caller is in a non-preemptible context. As a temporary workaround, consider disabling the `tcp_rtx_synack()` function until a patch is available. However, this is not a recommended long-term solution, and updating to a fixed version is the preferred resolution.
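
For triage, the two conditions named in the Description (a kernel built with `CONFIG_DEBUG_PREEMPT=y` and passive TCP Fast Open in use) can be checked per host. The script below is an added example, not code from the kernel or from this advisory; it assumes the kernel config is readable as plain text at `/boot/config-$(uname -r)` and that server-side Fast Open is bit 0x2 of the `net.ipv4.tcp_fastopen` sysctl. The function names and verdict strings are made up for this example.

```sh
#!/bin/sh
# Added example (not kernel or vendor code): report whether a host matches the
# two conditions named in the advisory text.
# Assumptions: the kernel config is a plain-text file, conventionally
# /boot/config-$(uname -r); passive (server-side) TCP Fast Open is bit 0x2 of
# the net.ipv4.tcp_fastopen sysctl.

# Succeeds if the given kernel config file contains CONFIG_DEBUG_PREEMPT=y.
debug_preempt_enabled() {
    [ -r "$1" ] && grep -q '^CONFIG_DEBUG_PREEMPT=y$' "$1"
}

# Succeeds if a tcp_fastopen value has the server bit (0x2) set.
tfo_server_enabled() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # reject empty or non-numeric input
    esac
    [ $(( $1 & 2 )) -ne 0 ]
}

# Prints one verdict for a config file path and a tcp_fastopen value.
assess() {
    if ! debug_preempt_enabled "$1"; then
        echo "debug-preempt-off"
    elif tfo_server_enabled "$2"; then
        echo "both-conditions-present"
    else
        echo "debug-preempt-only"
    fi
}

# Live check, run only on request: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    cfg="/boot/config-$(uname -r)"
    tfo=$(cat /proc/sys/net/ipv4/tcp_fastopen 2>/dev/null || echo 0)
    [ -r "$cfg" ] || echo "warning: $cfg not readable, result is inconclusive" >&2
    echo "kernel $(uname -r): $(assess "$cfg" "$tfo")"
fi
```

The verdict describes configuration only; whether the fix is installed is decided by the package version given under Recommendations.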