CVE-2024-27394

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to a Use-After-Free vulnerability in the tcp ao connect init function. This vulnerability is caused by a race condition in the RCU API, where the call rcu function is not part of the RCU read critical section, allowing the RCU grace period to pass during traversal and the key to be freed. To prevent this, it should be changed to hlist for each entry safe. The vulnerability can be exploited to cause a denial of service. It has been reported that this issue is being actively exploited.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.