PT-2024-35590 · Linux+8 · Linux Kernel+8
Published: 2024-11-07 · Updated: 2025-12-16 · CVE-2024-53124
CVSS v3.1: 4.7 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.12.0-rc5
Description
A data-race issue has been identified in the Linux kernel, specifically around the sk->sk_forward_alloc variable. This issue can occur when two threads call tcp_v6_do_rcv() or sk_forward_alloc_add() concurrently, potentially leading to a data-race. The skb_clone_and_charge_r() function should not be called in tcp_v6_do_rcv() when sk->sk_state is TCP_LISTEN, as it is called later in tcp_v6_syn_recv_sock(). The same issue has been fixed in dccp_v6_do_rcv().
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for this data-race issue. Specifically, update to a version later than 6.12.0-rc5.
Note: The provided information does not specify the exact version that includes the fix, so it is recommended to update to the latest available version.
Exploit
Fix
Race Condition
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu