CVE-2024-58053

medium

Description

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix handling of received connection abort Fix the handling of a connection abort that we've received. Though the abort is at the connection level, it needs propagating to the calls on that connection. Whilst the propagation bit is performed, the calls aren't then woken up to go and process their termination, and as no further input is forthcoming, they just hang. Also add some tracing for the logging of connection aborts.

References

https://git.kernel.org/stable/c/9c6702260557c0183d8417c79a37777a3d3e58e8

https://git.kernel.org/stable/c/96d1d927c4d03ee9dcee7640bca70b74e63504fc

https://git.kernel.org/stable/c/5842ce7b120c65624052a8da04460d35b26caac0

https://git.kernel.org/stable/c/0e56ebde245e4799ce74d38419426f2a80d39950

Details

Source: Mitre, NVD

Published: 2025-03-06

Updated: 2025-03-06

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium