CVE-2024-26679

Summary

In the Linux kernel, the following vulnerability has been resolved:

inet: read sk->sk_family once in inet_recv_error()

inet_recv_error() is called without holding the socket lock.

IPv6 socket could mutate to IPv4 with IPV6_ADDRFORM socket option and trigger a KCSAN warning.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf4713a3dfad045d46afcb9c2a7d0bba288920ed4 < caa064c3c2394d03e289ebd6b0be5102eb8a5b40affected
LinuxLinuxf4713a3dfad045d46afcb9c2a7d0bba288920ed4 < 5993f121fbc01dc2d734f0ff2628009b258fb1ddaffected
LinuxLinuxf4713a3dfad045d46afcb9c2a7d0bba288920ed4 < 88081ba415224cf413101def4343d660f56d082baffected
LinuxLinuxf4713a3dfad045d46afcb9c2a7d0bba288920ed4 < 3266e638ba5cc1165f5e6989eb8c0720f1cc4b41affected
LinuxLinuxf4713a3dfad045d46afcb9c2a7d0bba288920ed4 < 54538752216bf89ee88d47ad07802063a498c299affected
LinuxLinuxf4713a3dfad045d46afcb9c2a7d0bba288920ed4 < 4a5e31bdd3c1702b520506d9cf8c41085f75c7f2affected
LinuxLinuxf4713a3dfad045d46afcb9c2a7d0bba288920ed4 < 307fa8a75ab7423fa5c73573ec3d192de5027830affected
LinuxLinuxf4713a3dfad045d46afcb9c2a7d0bba288920ed4 < eef00a82c568944f113f2de738156ac591bbd5cdaffected
LinuxLinux433337f9c00cac447d020922f59237273f5d92beaffected
LinuxLinux3.17.7 < 3.18affected
LinuxLinux3.18affected
LinuxLinux0 < 3.18unaffected
LinuxLinux4.19.307 <= 4.19.*unaffected
LinuxLinux5.4.269 <= 5.4.*unaffected
LinuxLinux5.10.210 <= 5.10.*unaffected
LinuxLinux5.15.149 <= 5.15.*unaffected
LinuxLinux6.1.78 <= 6.1.*unaffected
LinuxLinux6.6.17 <= 6.6.*unaffected
LinuxLinux6.7.5 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References