CVE-2024-26865
Public on 2024-04-17
Modified on 2024-05-17
Description
In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fix use-after-free of net in reqsk_timer_handler(). syzkaller reported a warning of netns tracker [0] followed by KASAN splat [1] and another ref tracker warning [1]. syzkaller could not find a repro, but in the log, the only suspicious sequence was as follows: 18:26:22 executing program 1: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ... connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4001, 0x0, @loopback}, 0x1c) (async) The notable thing here is 0x4001 in connect(), which is RDS_TCP_PORT.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | kernel | Pending Fix | ||
| Amazon Linux 2 - Core | kernel | Pending Fix | ||
| Amazon Linux 2 - Kernel-5.10 Extra | kernel | Pending Fix | ||
| Amazon Linux 2 - Kernel-5.15 Extra | kernel | Pending Fix | ||
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | Pending Fix | ||
| Amazon Linux 2023 | kernel | 2024-04-10 | ALAS2023-2024-585 | Fixed |
| Amazon Linux 2023 | kernel | 2024-08-01 | ALAS2023-2024-696 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.4 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H |