Bug 1222387 (CVE-2024-26677) - VUL-0: CVE-2024-26677: kernel: rxrpc: Fix delayed ACKs to not set the reference serial number
Summary: VUL-0: CVE-2024-26677: kernel: rxrpc: Fix delayed ACKs to not set the referen...
Status: NEW
Alias: CVE-2024-26677
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Denis Kirjanov
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/399984/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-26677:5.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-04-05 13:39 UTC by SMASH SMASH
Modified: 2024-07-03 05:48 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
stoyan.manolov: needinfo? (denis.kirjanov)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-04-05 13:39:08 UTC 
In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix delayed ACKs to not set the reference serial number

Fix the construction of delayed ACKs to not set the reference serial number
as they can't be used as an RTT reference.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26677
https://www.cve.org/CVERecord?id=CVE-2024-26677
https://git.kernel.org/stable/c/200cb50b9e154434470c8969d32474d38475acc2
https://git.kernel.org/stable/c/63719f490e6a89896e9a463d2b45e8203eab23ae
https://git.kernel.org/stable/c/e7870cf13d20f56bfc19f9c3e89707c69cf104ef
https://bugzilla.redhat.com/show_bug.cgi?id=2272834