PT-2024-35653 · Linux+6 · Linux Kernel+6

Liu Jian

·

Published

2024-11-28

·

Updated

2025-04-28

·

CVE-2024-53206

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A use-after-free issue in the Linux kernel's tcp component has been resolved. The issue occurred in the reqsk timer handler() function and was caused by the incorrect handling of the nreq variable. The commit that fixed the issue replaced inet csk reqsk queue drop and put() with inet csk reqsk queue drop() and reqsk put() in reqsk timer handler(). To prevent the use-after-free issue, oreq should be passed to reqsk put() instead of req. This issue could occur when reqsk is migrated but the retry attempt fails, for example, due to a timeout.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2024-17893
AZL-55564
BDU:2025-04565
CVE-2024-53206
DLA-4076-1
OESA-2025-1097
OPENSUSE-SU-2025_0117-1
OPENSUSE-SU-2025_0153-1
OPENSUSE-SU-2025_0154-1
OPENSUSE-SU-2025_0201-1
OPENSUSE-SU-2025_0203-1
OPENSUSE-SU-2025_0229-1
SUSE-SU-2025:0117-1
SUSE-SU-2025:0153-1
SUSE-SU-2025:0154-1
SUSE-SU-2025:0201-1
SUSE-SU-2025:0201-2
SUSE-SU-2025:0203-1
SUSE-SU-2025:0229-1
SUSE-SU-2025:0231-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0201-1
SUSE-SU-2025_0201-2
SUSE-SU-2025_0203-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7407-1
USN-7421-1
USN-7459-1
USN-7459-2

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu