A flaw in the Linux Kernel found. Race Condition leading to UAF in the Unix Socket could happen in function sk_receive_queue. There is a race condition when garbage collection unlink skb from sk_receive_queue and at same time other thread is try to modify a skb. It can lead to use after free, when skb is freed at __skb_queue_purge but it is also able to be modified in unix_stream_sendpage. Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=790c2f9d15b594350ae9bca7b236f2b1859de02c
*** This bug has been marked as a duplicate of bug 2237760 ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2024:0402 https://access.redhat.com/errata/RHSA-2024:0402
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2024:0403 https://access.redhat.com/errata/RHSA-2024:0403
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:0439 https://access.redhat.com/errata/RHSA-2024:0439
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0412 https://access.redhat.com/errata/RHSA-2024:0412
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:0575 https://access.redhat.com/errata/RHSA-2024:0575
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:1250 https://access.redhat.com/errata/RHSA-2024:1250
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:1306 https://access.redhat.com/errata/RHSA-2024:1306