CVE-2024-27402

Summary

In the Linux kernel, the following vulnerability has been resolved:

phonet/pep: fix racy skb_queue_empty() use

The receive queues are protected by their respective spin-lock, not the socket lock. This could lead to skb_peek() unexpectedly returning NULL or a pointer to an already dequeued socket buffer.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9641458d3ec42def729fde64669abf07f3220cd5 < 7d3914a477eed92b48c493a8631cc4554ab4fd4faffected
LinuxLinux9641458d3ec42def729fde64669abf07f3220cd5 < 9d5523e065b568e79dfaa2ea1085a5bcf74baf78affected
LinuxLinux9641458d3ec42def729fde64669abf07f3220cd5 < 0a9f558c72c47472c38c05fcb72c70abb9104277affected
LinuxLinux9641458d3ec42def729fde64669abf07f3220cd5 < 8ef4fcc7014b9f93619851d6b78d6cc2789a4c88affected
LinuxLinux9641458d3ec42def729fde64669abf07f3220cd5 < 7d2a894d7f487dcb894df023e9d3014cf5b93fe5affected
LinuxLinux2.6.28affected
LinuxLinux0 < 2.6.28unaffected
LinuxLinux5.15.181 <= 5.15.*unaffected
LinuxLinux6.1.80 <= 6.1.*unaffected
LinuxLinux6.6.19 <= 6.6.*unaffected
LinuxLinux6.7.7 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References