In the Linux kernel, the following vulnerability has been resolved:

net/tcp_ao: Don’t leak ao_info on error-path

It seems I introduced it together with TCP_AO_CMDF_AO_REQUIRED, on
version 5 [1] of TCP-AO patches. Quite frustrative that having all these
selftests that I’ve written, running kmemtest & kcov was always in todo.
[1]: https://lore.kernel.org/netdev/[email protected]/

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gcp | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gke | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-ibm | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-intel | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-lowlatency | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-nvidia | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-oem-6.8 | < any | UNKNOWN |

git.kernel.org/linus/f9ae848904289ddb16c7c9e4553ed4c64300de49 (6.10-rc5)
git.kernel.org/stable/c/ebaa7d3c26332330a48f9a15f8e518d526cc0f21
git.kernel.org/stable/c/f9ae848904289ddb16c7c9e4553ed4c64300de49
launchpad.net/bugs/cve/CVE-2024-40985
nvd.nist.gov/vuln/detail/CVE-2024-40985
security-tracker.debian.org/tracker/CVE-2024-40985
www.cve.org/CVERecord?id=CVE-2024-40985