CVE-2024-53206

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 27, 2024

Updated: Feb 11, 2025

CWE ID 416

Summary

CVE-2024-53206 is a newly discovered vulnerability affecting the Linux kernel. This issue involves a use-after-free bug in the tcp subsystem, specifically in the reqsk_timer_handler() function. When a retry attempt fails, and the reqsk is migrated, the nreq pointer can be accessed after it has been freed, leading to potential memory corruption. The vulnerability has been mitigated by replacing inet_csk_reqsk_queue_drop_and_put() with __inet_csk_reqsk_queue_drop() and reqsk_put() in the affected function. Now, oreq is passed to reqsk_put() instead of req, preventing the use-after-free condition.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Linux Kernel

Affected Vendors

LINUX

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners