In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_socket: fix sk refcount leaks
We must put 'sk' reference before returning.
[ { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@83e6fb59040e8964888afcaa5612cc1243736715", "signature_version": "v1", "target": { "file": "net/netfilter/nft_socket.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "40003849269700111776701576575251630700", "305004431118806347856164068777576317583", "188785540487037175759326420900269603891", "186389283531375967608255977097095825610", "309934560727429406135348902001519368217", "213128785867733000741871060943002728636", "219303213433306614346373220769323610347", "212345794791543000062531819893779715261", "281749632732995799705611485841457494837", "101892701435860013080800054559958557633", "64834172319672527171343100651210152211", "137869142478817929615467432735272366433", "188785540487037175759326420900269603891", "292530156372731861273602641519061350160", "146583877345350959073157048358822489180", "56445389956183543482860133256806054971", "200296728763435215387821525962110768543" ] }, "id": "CVE-2024-46855-0151a065" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f68e097e20d3c695281a9c6433acc37be47fe11", "signature_version": "v1", "target": { "file": "net/netfilter/nft_socket.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "40003849269700111776701576575251630700", "305004431118806347856164068777576317583", "188785540487037175759326420900269603891", "186389283531375967608255977097095825610", "309934560727429406135348902001519368217", "213128785867733000741871060943002728636", "219303213433306614346373220769323610347", "212345794791543000062531819893779715261", "281749632732995799705611485841457494837", "101892701435860013080800054559958557633", "64834172319672527171343100651210152211", "137869142478817929615467432735272366433", "188785540487037175759326420900269603891", "292530156372731861273602641519061350160", "146583877345350959073157048358822489180", "56445389956183543482860133256806054971", "200296728763435215387821525962110768543" ] }, "id": "CVE-2024-46855-0f854335" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6572440f78b724c46070841a68254ebc534cde24", "signature_version": "v1", "target": { "file": "net/netfilter/nft_socket.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "46885099102513019426844690941170716165", "305004431118806347856164068777576317583", "188785540487037175759326420900269603891", "186389283531375967608255977097095825610", "309934560727429406135348902001519368217", "213128785867733000741871060943002728636", "219303213433306614346373220769323610347", "212345794791543000062531819893779715261", "281749632732995799705611485841457494837", "101892701435860013080800054559958557633", "146583877345350959073157048358822489180", "56445389956183543482860133256806054971", "200296728763435215387821525962110768543" ] }, "id": "CVE-2024-46855-1517c82f" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@33c2258bf8cb17fba9e58b111d4c4f4cf43a4896", "signature_version": "v1", "target": { "file": "net/netfilter/nft_socket.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "40003849269700111776701576575251630700", "305004431118806347856164068777576317583", "188785540487037175759326420900269603891", "186389283531375967608255977097095825610", "309934560727429406135348902001519368217", "213128785867733000741871060943002728636", "219303213433306614346373220769323610347", "212345794791543000062531819893779715261", "281749632732995799705611485841457494837", "101892701435860013080800054559958557633", "64834172319672527171343100651210152211", "137869142478817929615467432735272366433", "188785540487037175759326420900269603891", "292530156372731861273602641519061350160", "146583877345350959073157048358822489180", "56445389956183543482860133256806054971", "200296728763435215387821525962110768543" ] }, "id": "CVE-2024-46855-3549afa9" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@33c2258bf8cb17fba9e58b111d4c4f4cf43a4896", "signature_version": "v1", "target": { "function": "nft_socket_eval", "file": "net/netfilter/nft_socket.c" }, "digest": { "function_hash": "303624627566018075365412551466641701021", "length": 1114.0 }, "id": "CVE-2024-46855-5250778c" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6572440f78b724c46070841a68254ebc534cde24", "signature_version": "v1", "target": { "function": "nft_socket_eval", "file": "net/netfilter/nft_socket.c" }, "digest": { "function_hash": "3730344166823500463565853282405756879", "length": 920.0 }, "id": "CVE-2024-46855-8036031a" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@076d281e90aaf4192799ecb9a1ed82321e133ecd", "signature_version": "v1", "target": { "file": "net/netfilter/nft_socket.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "46885099102513019426844690941170716165", "305004431118806347856164068777576317583", "188785540487037175759326420900269603891", "294304120343056573889374225279970580425", "146583877345350959073157048358822489180", "56445389956183543482860133256806054971", "200296728763435215387821525962110768543" ] }, "id": "CVE-2024-46855-8da09a1f" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ddc7c423c4a5386bf865474c694b48178efd311a", "signature_version": "v1", "target": { "file": "net/netfilter/nft_socket.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "46885099102513019426844690941170716165", "305004431118806347856164068777576317583", "188785540487037175759326420900269603891", "186389283531375967608255977097095825610", "309934560727429406135348902001519368217", "213128785867733000741871060943002728636", "219303213433306614346373220769323610347", "212345794791543000062531819893779715261", "281749632732995799705611485841457494837", "101892701435860013080800054559958557633", "64834172319672527171343100651210152211", "137869142478817929615467432735272366433", "188785540487037175759326420900269603891", "292530156372731861273602641519061350160", "146583877345350959073157048358822489180", "56445389956183543482860133256806054971", "200296728763435215387821525962110768543" ] }, "id": "CVE-2024-46855-9e66f37b" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@83e6fb59040e8964888afcaa5612cc1243736715", "signature_version": "v1", "target": { "function": "nft_socket_eval", "file": "net/netfilter/nft_socket.c" }, "digest": { "function_hash": "303624627566018075365412551466641701021", "length": 1114.0 }, "id": "CVE-2024-46855-b180c62f" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ddc7c423c4a5386bf865474c694b48178efd311a", "signature_version": "v1", "target": { "function": "nft_socket_eval", "file": "net/netfilter/nft_socket.c" }, "digest": { "function_hash": "308058793704935454755816765805990190424", "length": 1101.0 }, "id": "CVE-2024-46855-c41b12dc" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f68e097e20d3c695281a9c6433acc37be47fe11", "signature_version": "v1", "target": { "function": "nft_socket_eval", "file": "net/netfilter/nft_socket.c" }, "digest": { "function_hash": "303624627566018075365412551466641701021", "length": 1114.0 }, "id": "CVE-2024-46855-ca22ab2a" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8b26ff7af8c32cb4148b3e147c52f9e4c695209c", "signature_version": "v1", "target": { "function": "nft_socket_eval", "file": "net/netfilter/nft_socket.c" }, "digest": { "function_hash": "303624627566018075365412551466641701021", "length": 1114.0 }, "id": "CVE-2024-46855-fbb5df58" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@076d281e90aaf4192799ecb9a1ed82321e133ecd", "signature_version": "v1", "target": { "function": "nft_socket_eval", "file": "net/netfilter/nft_socket.c" }, "digest": { "function_hash": "174633933665086393868690524476316615631", "length": 767.0 }, "id": "CVE-2024-46855-fda19db2" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8b26ff7af8c32cb4148b3e147c52f9e4c695209c", "signature_version": "v1", "target": { "file": "net/netfilter/nft_socket.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "40003849269700111776701576575251630700", "305004431118806347856164068777576317583", "188785540487037175759326420900269603891", "186389283531375967608255977097095825610", "309934560727429406135348902001519368217", "213128785867733000741871060943002728636", "219303213433306614346373220769323610347", "212345794791543000062531819893779715261", "281749632732995799705611485841457494837", "101892701435860013080800054559958557633", "64834172319672527171343100651210152211", "137869142478817929615467432735272366433", "188785540487037175759326420900269603891", "292530156372731861273602641519061350160", "146583877345350959073157048358822489180", "56445389956183543482860133256806054971", "200296728763435215387821525962110768543" ] }, "id": "CVE-2024-46855-ff4d613c" } ]