In the Linux kernel, the following vulnerability has been resolved:
tcp: Fix Use-After-Free in tcp_ao_connect_init
Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal
of tcp_ao_connect_init, is not part of the RCU read critical section, it
is possible that the RCU grace period will pass during the traversal and
the key will be free.
To prevent this, it should be changed to hlist_for_each_entry_safe.
Metrics
Affected Vendors & Products
References
History
Fri, 06 Sep 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-05-09T16:37:11.495Z
Updated: 2024-11-05T09:21:24.590Z
Reserved: 2024-02-25T13:47:42.677Z
Link: CVE-2024-27394
Vulnrichment
Updated: 2024-08-02T00:34:52.373Z
NVD
Status : Awaiting Analysis
Published: 2024-05-14T15:12:27.363
Modified: 2024-11-21T09:04:31.353
Link: CVE-2024-27394
Redhat