CVE-2024-53139

Name of the Vulnerable Software and Affected Versions Linux Kernel versions prior to 6.6.65

Description The issue is related to a possible use-after-free (UAF) vulnerability in the sctp v6 available() function in the Linux kernel's SCTP (Stream Control Transmission Protocol) implementation. This vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is caused by the sctp v6 available() function calling dev get by index rcu() and ipv6 chk addr() without holding the RCU (Read-Copy Update) lock.

Recommendations To resolve this issue, update the Linux Kernel to version 6.6.65 or later. As a temporary workaround, consider disabling the sctp v6 available() function until a patch is available. However, this may have unintended consequences and should be carefully evaluated before implementation. At the moment, there is no information about other versions that contain a fix for this vulnerability.