### [CVE-2024-53206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53206)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=106e457953315e476b3642ef24be25ed862aaba3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5071beb59ee416e8ab456ac8647a4dabcda823b1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=51e34db64f4e43c7b055ccf881b7f3e0c31bb26d%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.12%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=8459d61fbf24967839a70235165673148c7c7f17%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=997ae8da14f1639ce6fb66a063dab54031cd61b3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=c964bf65f80a14288d767023a1b300b30f5b9cd0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=e8c526f2bdf1845bedaf6a478816a3d06fa78b8f%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
### Description
In the Linux kernel, the following vulnerability has been resolved:

tcp: Fix use-after-free of nreq in reqsk_timer_handler().

The cited commit replaced inet_csk_reqsk_queue_drop_and_put() with __inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler().

Then, oreq should be passed to reqsk_put() instead of req; otherwise use-after-free of nreq could happen when reqsk is migrated but the retry attempt failed (e.g. due to timeout).

Let's pass oreq to reqsk_put().
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/cku-heise/euvd-api-doc
- https://github.com/w4zu/Debian_security