PT-2024-21456 · Linux+6 · Linux Kernel+6

Published

2024-04-02

·

Updated

2025-09-29

·

CVE-2024-26679

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the inet recv error() function being called without holding the socket lock, which can cause an IPv6 socket to mutate to IPv4 with the IPV6 ADDRFORM socket option and trigger a KCSAN warning. This occurs because the sk->sk family value is read only once in inet recv error().
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
CVE-2024-26679
DLA-3840-1
DLA-3842-1
DSA-5658-1
DSA-5681-1
INFSA-2024_9315
OESA-2024-1617
OESA-2024-1618
OESA-2024-1622
OESA-2024-1647
OESA-2024-1648
OESA-2024-1649
OPENSUSE-SU-2024_1644-1
RHSA-2024:9315
RHSA-2024_9315
SUSE-SU-2024:1644-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2360-1
SUSE-SU-2024:2381-1
SUSE-SU-2024:2561-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6766-1
USN-6766-2
USN-6766-3
USN-6767-1
USN-6767-2
USN-6795-1
USN-6828-1
USN-6895-1
USN-6895-2
USN-6895-3
USN-6895-4
USN-6900-1
USN-6972-1
USN-6972-2
USN-6972-3
USN-6972-4
USN-6976-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu