CVE-2024-26679

inet: read sk->sk_family once in inet_recv_error()

References

https://cve.org/CVERecord/?id=CVE-2024-26679

Notes

 carnil> Introduced in f4713a3dfad0 ("net-timestamp: make tcp_recvmsg call
 carnil> ipv6_recv_error for AF_INET6 socks"). Vulnerable versions: 3.17.7 3.18-rc7.

Bugs

Status

Branch	Status
4.19-buster-security	needed
4.19-upstream-stable	released (4.19.307) [caa064c3c2394d03e289ebd6b0be5102eb8a5b40]
5.10-bullseye-security	released (5.10.216-1)
5.10-upstream-stable	released (5.10.210) [88081ba415224cf413101def4343d660f56d082b]
6.1-bookworm-security	released (6.1.82-1)
6.1-upstream-stable	released (6.1.78) [54538752216bf89ee88d47ad07802063a498c299]
6.6-upstream-stable	released (6.6.17) [4a5e31bdd3c1702b520506d9cf8c41085f75c7f2]
6.8-upstream-stable	N/A "Fixed before branching point"
sid	released (6.7.7-1)
upstream	released (6.8-rc4) [eef00a82c568944f113f2de738156ac591bbd5cd]