CVE-2024-26677

MEDIUM

Linux Kernel 2.6.22-6.6.16, 6.7.0-6.7.4 - NULL Pointer Dereference in rxrpc Delayed ACK Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix delayed ACKs to not set the reference serial number

Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference.

Scores

CVSS v3 5.5
EPSS 0.0024
EPSS Percentile 15.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (12)
linux/Kernel 2.6.22 - 6.6.17
linux/Kernel 6.7.0 - 6.7.5
Linux/Linux < 2.6.22
Linux/Linux 17926a79320afa9b95df6b977b40cca6d8713cea - 200cb50b9e154434470c8969d32474d38475acc2
Linux/Linux 17926a79320afa9b95df6b977b40cca6d8713cea - 63719f490e6a89896e9a463d2b45e8203eab23ae
Linux/Linux 17926a79320afa9b95df6b977b40cca6d8713cea - e7870cf13d20f56bfc19f9c3e89707c69cf104ef
Linux/Linux 2.6.22
Linux/Linux 6.6.17 - 6.6.*
Linux/Linux 6.7.5 - 6.7.*
Linux/Linux 6.8
... and 2 more
Published Apr 02, 2024
Tracked Since Feb 18, 2026