2350369 – (CVE-2024-58053) CVE-2024-58053 kernel: rxrpc: Fix handling of received connection abort

Bug 2350369 (CVE-2024-58053) - CVE-2024-58053 kernel: rxrpc: Fix handling of received connection abort

Summary: CVE-2024-58053 kernel: rxrpc: Fix handling of received connection abort

Keywords:
Status:	NEW
Alias:	CVE-2024-58053
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-03-06 16:02 UTC by OSIDB Bzimport
Modified:	2025-03-26 15:34 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-03-06 16:02:08 UTC

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix handling of received connection abort

Fix the handling of a connection abort that we've received.  Though the
abort is at the connection level, it needs propagating to the calls on that
connection.  Whilst the propagation bit is performed, the calls aren't then
woken up to go and process their termination, and as no further input is
forthcoming, they just hang.

Also add some tracing for the logging of connection aborts.

Comment 1 Mauro Matteo Cascella 2025-03-06 17:21:42 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025030605-CVE-2024-58053-3c8d@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.