CVE-2024-56688

Summary

In the Linux kernel, the following vulnerability has been resolved:

sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport

Since transport->sock has been set to NULL during reset transport, XPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the xs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request() to dereference the transport->sock that has been set to NULL.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7196dbb02ea05835b9ee56910ee82cb55422c7f1 < cc91d59d34ff6a6fee1c0b48612081a451e05e9aaffected
LinuxLinux7196dbb02ea05835b9ee56910ee82cb55422c7f1 < 86a1f9fa24804cd7f9d7dd3f24af84fc7f8ec02eaffected
LinuxLinux7196dbb02ea05835b9ee56910ee82cb55422c7f1 < fe6cbf0b2ac3cf4e21824a44eaa336564ed5e960affected
LinuxLinux7196dbb02ea05835b9ee56910ee82cb55422c7f1 < 87a95ee34a48dfad198a2002e4966e1d63d53f2baffected
LinuxLinux7196dbb02ea05835b9ee56910ee82cb55422c7f1 < 3811172e8c98ceebd12fe526ca6cb37a1263c964affected
LinuxLinux7196dbb02ea05835b9ee56910ee82cb55422c7f1 < 638a8fa5a7e641f9401346c57e236f02379a0c40affected
LinuxLinux7196dbb02ea05835b9ee56910ee82cb55422c7f1 < 66d11ca91bf5100ae2e6b5efad97e58d8448843aaffected
LinuxLinux7196dbb02ea05835b9ee56910ee82cb55422c7f1 < 4db9ad82a6c823094da27de4825af693a3475d51affected
LinuxLinux4.11affected
LinuxLinux0 < 4.11unaffected
LinuxLinux5.4.287 <= 5.4.*unaffected
LinuxLinux5.10.231 <= 5.10.*unaffected
LinuxLinux5.15.174 <= 5.15.*unaffected
LinuxLinux6.1.120 <= 6.1.*unaffected
LinuxLinux6.6.64 <= 6.6.*unaffected
LinuxLinux6.11.11 <= 6.11.*unaffected
LinuxLinux6.12.2 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References