CVE-2024-26865

rds: tcp: Fix use-after-free of net in reqsk_timer_handler().

References

https://cve.org/CVERecord/?id=CVE-2024-26865

Notes

 carnil> Introduced in 467fa15356ac ("RDS-TCP: Support multiple RDS-TCP listen
 carnil> endpoints, one per netns."). Vulnerable versions: 4.3-rc1.

Bugs

Status

Branch	Status
4.19-buster-security	needed
4.19-upstream-stable	needed
5.10-bullseye-security	needed
5.10-upstream-stable	needed
6.1-bookworm-security	released (6.1.85-1)
6.1-upstream-stable	released (6.1.83) [9905a157048f441f1412e7bd13372f4a971d75c6]
6.6-upstream-stable	released (6.6.23) [f901ee07853ce97e9f1104c7c898fbbe447f0279]
6.8-upstream-stable	released (6.8.2) [1e9fd5cf8d7f487332560f7bb312fc7d416817f3]
sid	released (6.7.12-1)
upstream	released (6.9-rc1) [2a750d6a5b365265dbda33330a6188547ddb5c24]