CVE-2024-26921

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to the Linux kernel's inet defrag function, which can cause a problem when reassembling skb fragments via netfilter or similar modules. The function ip local out() and other functions can pass skb->sk as a function argument, and if the skb is a fragment and reassembly happens before the function call returns, the sk must not be released. This affects skb fragments reassembled via netfilter or similar modules, such as openvswitch or ct act.c, when run as part of the tx pipeline. The problem arises when the skb is refragmented again right after ip do fragment() is called, which can cause the head->sk to be copied to the new fragments and set up a destructor to sock wfree. To fix this issue, the orphaning needs to be delayed long enough to learn if the skb has to be queued or if it is completing the reasm queue.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.