vulnerability

Ubuntu: (Multiple Advisories) (CVE-2024-26831): Linux kernel vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:L/Au:S/C:P/I:N/A:N)	04/17/2024	07/15/2024	04/04/2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:P/I:N/A:N)

Published

04/17/2024

Added

07/15/2024

Modified

04/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net/handshake: Fix handshake_req_destroy_test1

Recently, handshake_req_destroy_test1 started failing:

Expected handshake_req_destroy_test == req, but
handshake_req_destroy_test == 0000000000000000
req == 0000000060f99b40
not ok 11 req_destroy works

This is because "sock_release(sock)" was replaced with "fput(filp)"
to address a memory leak. Note that sock_release() is synchronous
but fput() usually delays the final close and clean-up.

The delay is not consequential in the other cases that were changed
but handshake_req_destroy_test1 is testing that handshake_req_cancel()
followed by closing the file actually does call the ->hp_destroy
method. Thus the PTR_EQ test at the end has to be sure that the
final close is complete before it checks the pointer.

We cannot use a completion here because if ->hp_destroy is never
called (ie, there is an API bug) then the test will hang.

Reported by: Guenter Roeck

Solution(s)

ubuntu-upgrade-linux-image-6-5-0-1017-starfiveubuntu-upgrade-linux-image-6-5-0-1020-raspiubuntu-upgrade-linux-image-6-5-0-1023-awsubuntu-upgrade-linux-image-6-5-0-1023-nvidiaubuntu-upgrade-linux-image-6-5-0-1023-nvidia-64kubuntu-upgrade-linux-image-6-5-0-1024-azureubuntu-upgrade-linux-image-6-5-0-1024-azure-fdeubuntu-upgrade-linux-image-6-5-0-1024-gcpubuntu-upgrade-linux-image-6-5-0-1026-oracleubuntu-upgrade-linux-image-6-5-0-1026-oracle-64kubuntu-upgrade-linux-image-6-5-0-1027-oemubuntu-upgrade-linux-image-6-5-0-44-genericubuntu-upgrade-linux-image-6-5-0-44-generic-64kubuntu-upgrade-linux-image-6-5-0-44-lowlatencyubuntu-upgrade-linux-image-6-5-0-44-lowlatency-64kubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-fdeubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-hwe-22-04ubuntu-upgrade-linux-image-generic-hwe-22-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-hwe-22-04ubuntu-upgrade-linux-image-nvidia-6-5ubuntu-upgrade-linux-image-nvidia-64k-6-5ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04ubuntu-upgrade-linux-image-nvidia-hwe-22-04ubuntu-upgrade-linux-image-oem-22-04ubuntu-upgrade-linux-image-oem-22-04aubuntu-upgrade-linux-image-oem-22-04bubuntu-upgrade-linux-image-oem-22-04cubuntu-upgrade-linux-image-oem-22-04dubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-nolpaeubuntu-upgrade-linux-image-starfiveubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-22-04

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today