In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Since transport->sock has been set to NULL during reset transport, XPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the xs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request() to dereference the transport->sock that has been set to NULL.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References
Link Providers
https://git.kernel.org/stable/c/3811172e8c98ceebd12fe526ca6cb37a1263c964 cve-icon cve-icon
https://git.kernel.org/stable/c/4db9ad82a6c823094da27de4825af693a3475d51 cve-icon cve-icon
https://git.kernel.org/stable/c/638a8fa5a7e641f9401346c57e236f02379a0c40 cve-icon cve-icon
https://git.kernel.org/stable/c/66d11ca91bf5100ae2e6b5efad97e58d8448843a cve-icon cve-icon
https://git.kernel.org/stable/c/86a1f9fa24804cd7f9d7dd3f24af84fc7f8ec02e cve-icon cve-icon
https://git.kernel.org/stable/c/87a95ee34a48dfad198a2002e4966e1d63d53f2b cve-icon cve-icon
https://git.kernel.org/stable/c/cc91d59d34ff6a6fee1c0b48612081a451e05e9a cve-icon cve-icon
https://git.kernel.org/stable/c/fe6cbf0b2ac3cf4e21824a44eaa336564ed5e960 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024122834-CVE-2024-56688-4e02@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-56688 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-56688 cve-icon
History

Wed, 08 Jan 2025 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses CWE-476
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Mon, 30 Dec 2024 01:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Sat, 28 Dec 2024 10:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Since transport->sock has been set to NULL during reset transport, XPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the xs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request() to dereference the transport->sock that has been set to NULL.
Title sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-12-28T09:46:14.905Z

Updated: 2024-12-28T09:46:14.905Z

Reserved: 2024-12-27T15:00:39.847Z

Link: CVE-2024-56688

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2024-12-28T10:15:12.643

Modified: 2025-01-08T17:11:05.457

Link: CVE-2024-56688

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-12-28T00:00:00Z

Links: CVE-2024-56688 - Bugzilla