{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-58053", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-03-06T15:52:09.178Z", "datePublished": "2025-03-06T15:53:57.558Z", "dateUpdated": "2025-03-24T15:38:11.667Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-03-24T15:38:11.667Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix handling of received connection abort\n\nFix the handling of a connection abort that we've received. Though the\nabort is at the connection level, it needs propagating to the calls on that\nconnection. Whilst the propagation bit is performed, the calls aren't then\nwoken up to go and process their termination, and as no further input is\nforthcoming, they just hang.\n\nAlso add some tracing for the logging of connection aborts."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/trace/events/rxrpc.h", "net/rxrpc/conn_event.c"], "versions": [{"version": "248f219cb8bcbfbd7f132752d44afa2df7c241d1", "lessThan": "9c6702260557c0183d8417c79a37777a3d3e58e8", "status": "affected", "versionType": "git"}, {"version": "248f219cb8bcbfbd7f132752d44afa2df7c241d1", "lessThan": "5842ce7b120c65624052a8da04460d35b26caac0", "status": "affected", "versionType": "git"}, {"version": "248f219cb8bcbfbd7f132752d44afa2df7c241d1", "lessThan": "96d1d927c4d03ee9dcee7640bca70b74e63504fc", "status": "affected", "versionType": "git"}, {"version": "248f219cb8bcbfbd7f132752d44afa2df7c241d1", "lessThan": "0e56ebde245e4799ce74d38419426f2a80d39950", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/trace/events/rxrpc.h", "net/rxrpc/conn_event.c"], "versions": [{"version": "4.9", "status": "affected"}, {"version": "0", "lessThan": "4.9", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.76", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.13", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.2", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/9c6702260557c0183d8417c79a37777a3d3e58e8"}, {"url": "https://git.kernel.org/stable/c/5842ce7b120c65624052a8da04460d35b26caac0"}, {"url": "https://git.kernel.org/stable/c/96d1d927c4d03ee9dcee7640bca70b74e63504fc"}, {"url": "https://git.kernel.org/stable/c/0e56ebde245e4799ce74d38419426f2a80d39950"}], "title": "rxrpc: Fix handling of received connection abort", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix handling of received connection abort\n\nFix the handling of a connection abort that we've received. Though the\nabort is at the connection level, it needs propagating to the calls on that\nconnection. Whilst the propagation bit is performed, the calls aren't then\nwoken up to go and process their termination, and as no further input is\nforthcoming, they just hang.\n\nAlso add some tracing for the logging of connection aborts."}], "id": "CVE-2024-58053", "lastModified": "2025-03-06T16:15:51.490", "metrics": {}, "published": "2025-03-06T16:15:51.490", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0e56ebde245e4799ce74d38419426f2a80d39950"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5842ce7b120c65624052a8da04460d35b26caac0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/96d1d927c4d03ee9dcee7640bca70b74e63504fc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9c6702260557c0183d8417c79a37777a3d3e58e8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: rxrpc: Fix handling of received connection abort", "id": "2350369", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2350369"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nrxrpc: Fix handling of received connection abort\nFix the handling of a connection abort that we've received. Though the\nabort is at the connection level, it needs propagating to the calls on that\nconnection. Whilst the propagation bit is performed, the calls aren't then\nwoken up to go and process their termination, and as no further input is\nforthcoming, they just hang.\nAlso add some tracing for the logging of connection aborts."], "name": "CVE-2024-58053", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-58053\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-58053\nhttps://lore.kernel.org/linux-cve-announce/2025030605-CVE-2024-58053-3c8d@gregkh/T"], "threat_severity": "Moderate"}