CVE-2024-58053

low-risk

Published 2025-03-06

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix handling of received connection abort Fix the handling of a connection abort that we've received. Though the abort is at the connection level, it needs propagating to the calls on that connection. Whilst the propagation bit is performed, the calls aren't then woken up to go and process their termination, and as no further input is forthcoming, they just hang. Also add some tracing for the logging of connection aborts.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (4)

Patch https://git.kernel.org/stable/c/0e56ebde245e4799ce74d38419426f2a80d39950

Patch https://git.kernel.org/stable/c/5842ce7b120c65624052a8da04460d35b26caac0

Patch https://git.kernel.org/stable/c/96d1d927c4d03ee9dcee7640bca70b74e63504fc

Patch https://git.kernel.org/stable/c/9c6702260557c0183d8417c79a37777a3d3e58e8

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal