Bug 2280442 (CVE-2024-27394) - CVE-2024-27394 kernel: tcp: Fix Use-After-Free in tcp_ao_connect_init
Keywords:
Status: NEW
Alias: CVE-2024-27394
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2280443
Blocks: 2280439
 
Reported: 2024-05-14 23:36 UTC by Robb Gatica
Modified: 2024-09-18 15:45 UTC
CC List: 49 users

Fixed In Version: kernel 6.8.9, kernel 6.9-rc6
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free (UAF) vulnerability was found in the TCP implementation of the Linux kernel. This issue occurs when memory that has been deallocated is accessed incorrectly, potentially leading to security risks such as data corruption or arbitrary code execution.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Robb Gatica 2024-05-14 23:36:52 UTC
In the Linux kernel, the following vulnerability has been resolved:

tcp: Fix Use-After-Free in tcp_ao_connect_init

The Linux kernel CVE team has assigned CVE-2024-27394 to this issue.

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024050836-CVE-2024-27394-4277@gregkh/T

Comment 1 Robb Gatica 2024-05-14 23:37:29 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2280443]

Comment 3 Alex 2024-06-09 12:53:48 UTC
The result of automatic check (that is developed by Alexander Larkin) for this CVE-2024-27394 is: 	SKIP	No affected files built, so skip this CVE	NO			-	-	unknown (where first YES/NO value means if related sources built).

