CVE-2024-53206
- Source
- https://cve.org/CVERecord?id=CVE-2024-53206
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53206.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-53206
- Downstream
- Related
- Published
- 2024-12-27T13:49:52.131Z
- Modified
- 2026-05-07T04:16:52.742101Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- tcp: Fix use-after-free of nreq in reqsk_timer_handler().
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
tcp: Fix use-after-free of nreq in reqsktimerhandler().
The cited commit replaced inetcskreqskqueuedropandput() with _inetcskreqskqueuedrop() and reqskput() in reqsktimerhandler().
Then, oreq should be passed to reqsk_put() instead of req; otherwise use-after-free of nreq could happen when reqsk is migrated but the retry attempt failed (e.g. due to timeout).
Let's pass oreq to reqsk_put().
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53206.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/2dcc86fefe09ac853158afd96b60d544af115dc5
- https://git.kernel.org/stable/c/65ed89cad1f57034c256b016e89e8c0a4ec7c65b
- https://git.kernel.org/stable/c/6d845028609a4af0ad66f499ee0bd5789122b067
- https://git.kernel.org/stable/c/9a3c1ad93e6fba67b3a637cfa95a57a6685e4908
- https://git.kernel.org/stable/c/c31e72d021db2714df03df6c42855a1db592716c
- https://git.kernel.org/stable/c/d0eb14cb8c08b00c36a3d5dc57a6f428b301f721
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53206.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-53206
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8459d61fbf24967839a70235165673148c7c7f17Fixed2dcc86fefe09ac853158afd96b60d544af115dc5
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5071beb59ee416e8ab456ac8647a4dabcda823b1Fixed9a3c1ad93e6fba67b3a637cfa95a57a6685e4908
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced997ae8da14f1639ce6fb66a063dab54031cd61b3Fixed65ed89cad1f57034c256b016e89e8c0a4ec7c65b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced51e34db64f4e43c7b055ccf881b7f3e0c31bb26dFixedd0eb14cb8c08b00c36a3d5dc57a6f428b301f721
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede8c526f2bdf1845bedaf6a478816a3d06fa78b8fFixed6d845028609a4af0ad66f499ee0bd5789122b067Fixedc31e72d021db2714df03df6c42855a1db592716c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected106e457953315e476b3642ef24be25ed862aaba3Last affectedc964bf65f80a14288d767023a1b300b30f5b9cd0
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.15.174
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.120
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.64
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.11.11
- Type
- ECOSYSTEM
- Events
-
Introduced6.12.0Fixed6.12.2