CVE-2024-26679

Published: Apr 2, 2024Modified: Mar 17, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: inet: read sk->sk_family once in inet_recv_error() inet_recv_error() is called without holding the socket lock. IPv6 socket could mutate to IPv4 with IPV6_ADDRFORM socket option and trigger a KCSAN warning.

Affected (11)

Products: Linux: Linux Kernel · Debian: Debian Linux

1 product

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.18 to 4.19.307
Linux Linux Kernel	From 4.20 to 5.4.269
Linux Linux Kernel	From 5.11 to 5.15.149
Linux Linux Kernel	From 5.16 to 6.1.78
Linux Linux Kernel	From 5.5 to 5.10.210
Linux Linux Kernel	From 6.2 to 6.6.17
Linux Linux Kernel	From 6.7 to 6.7.5
Linux Linux Kernel	Version 6.8 rc1
Linux Linux Kernel	Version 6.8 rc2
Linux Linux Kernel	Version 6.8 rc3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Related CWEs

Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References (18)

https://git.kernel.org/stable/c/307fa8a75ab7423fa5c73573ec3d192de5027830

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/3266e638ba5cc1165f5e6989eb8c0720f1cc4b41

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/4a5e31bdd3c1702b520506d9cf8c41085f75c7f2

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/54538752216bf89ee88d47ad07802063a498c299

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/5993f121fbc01dc2d734f0ff2628009b258fb1dd

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/88081ba415224cf413101def4343d660f56d082b

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/caa064c3c2394d03e289ebd6b0be5102eb8a5b40

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/eef00a82c568944f113f2de738156ac591bbd5cd

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/307fa8a75ab7423fa5c73573ec3d192de5027830

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/3266e638ba5cc1165f5e6989eb8c0720f1cc4b41

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/4a5e31bdd3c1702b520506d9cf8c41085f75c7f2

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/54538752216bf89ee88d47ad07802063a498c299

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/5993f121fbc01dc2d734f0ff2628009b258fb1dd

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/88081ba415224cf413101def4343d660f56d082b

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/caa064c3c2394d03e289ebd6b0be5102eb8a5b40

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/eef00a82c568944f113f2de738156ac591bbd5cd

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

Timeline

No history available yet.