Linux Kernel up to 6.12.1 TCP reqsk_timer_handler use after free
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.6 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in Linux Kernel up to 5.15.173/6.1.119/6.6.63/6.11.10/6.12.1. Affected is the function reqsk_timer_handler of the component TCP. Performing a manipulation results in use after free.
This vulnerability is identified as CVE-2024-53206. There is not any exploit available.
You should upgrade the affected component.
Details
A vulnerability classified as critical has been found in Linux Kernel up to 5.15.173/6.1.119/6.6.63/6.11.10/6.12.1. This affects the function reqsk_timer_handler of the component TCP. The manipulation with an unknown input leads to a use after free vulnerability. CWE is classifying the issue as CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in reqsk_timer_handler(). The cited commit replaced inet_csk_reqsk_queue_drop_and_put() with __inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler(). Then, oreq should be passed to reqsk_put() instead of req; otherwise use-after-free of nreq could happen when reqsk is migrated but the retry attempt failed (e.g. due to timeout). Let's pass oreq to reqsk_put().
It is possible to read the advisory at git.kernel.org. This vulnerability is uniquely identified as CVE-2024-53206 since 11/19/2024. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 12/15/2025).
The vulnerability scanner Nessus provides a plugin with the ID 214614 (Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-061)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 5.15.174, 6.1.120, 6.6.64, 6.11.11 or 6.12.2 eliminates this vulnerability. Applying the patch 2dcc86fefe09ac853158afd96b60d544af115dc5/9a3c1ad93e6fba67b3a637cfa95a57a6685e4908/65ed89cad1f57034c256b016e89e8c0a4ec7c65b/d0eb14cb8c08b00c36a3d5dc57a6f428b301f721/6d845028609a4af0ad66f499ee0bd5789122b067/c31e72d021db2714df03df6c42855a1db592716c is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (214614) and CERT Bund (WID-SEC-2024-3762). Be aware that VulDB is the high quality source for vulnerability data.
Affected
- Debian Linux
- Amazon Linux 2
- Red Hat Enterprise Linux
- Ubuntu Linux
- SUSE Linux
- Oracle Linux
- RESF Rocky Linux
- Dell NetWorker
- Dell Avamar
- Red Hat OpenShift
- IBM QRadar SIEM
- Dell PowerProtect Data Domain
- Open Source Linux Kernel
- IBM DataPower Gateway
- Dell Secure Connect Gateway
Product
Type
Vendor
Name
Version
- 5.15.173
- 6.1.119
- 6.6.0
- 6.6.1
- 6.6.2
- 6.6.3
- 6.6.4
- 6.6.5
- 6.6.6
- 6.6.7
- 6.6.8
- 6.6.9
- 6.6.10
- 6.6.11
- 6.6.12
- 6.6.13
- 6.6.14
- 6.6.15
- 6.6.16
- 6.6.17
- 6.6.18
- 6.6.19
- 6.6.20
- 6.6.21
- 6.6.22
- 6.6.23
- 6.6.24
- 6.6.25
- 6.6.26
- 6.6.27
- 6.6.28
- 6.6.29
- 6.6.30
- 6.6.31
- 6.6.32
- 6.6.33
- 6.6.34
- 6.6.35
- 6.6.36
- 6.6.37
- 6.6.38
- 6.6.39
- 6.6.40
- 6.6.41
- 6.6.42
- 6.6.43
- 6.6.44
- 6.6.45
- 6.6.46
- 6.6.47
- 6.6.48
- 6.6.49
- 6.6.50
- 6.6.51
- 6.6.52
- 6.6.53
- 6.6.54
- 6.6.55
- 6.6.56
- 6.6.57
- 6.6.58
- 6.6.59
- 6.6.60
- 6.6.61
- 6.6.62
- 6.6.63
- 6.11.0
- 6.11.1
- 6.11.2
- 6.11.3
- 6.11.4
- 6.11.5
- 6.11.6
- 6.11.7
- 6.11.8
- 6.11.9
- 6.11.10
- 6.12.0
- 6.12.1
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.0VulDB Meta Temp Score: 7.6
VulDB Base Score: 8.0
VulDB Temp Score: 7.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Use after freeCWE: CWE-416 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 214614
Nessus Name: Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-061)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 5.15.174/6.1.120/6.6.64/6.11.11/6.12.2
Patch: 2dcc86fefe09ac853158afd96b60d544af115dc5/9a3c1ad93e6fba67b3a637cfa95a57a6685e4908/65ed89cad1f57034c256b016e89e8c0a4ec7c65b/d0eb14cb8c08b00c36a3d5dc57a6f428b301f721/6d845028609a4af0ad66f499ee0bd5789122b067/c31e72d021db2714df03df6c42855a1db592716c
Timeline
11/19/2024 🔍12/27/2024 🔍
12/27/2024 🔍
12/15/2025 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2024-53206 (🔍)
GCVE (CVE): GCVE-0-2024-53206
GCVE (VulDB): GCVE-100-289431
CERT Bund: WID-SEC-2024-3762 - Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Entry
Created: 12/27/2024 15:17Updated: 12/15/2025 02:00
Changes: 12/27/2024 15:17 (58), 01/25/2025 04:48 (2), 07/24/2025 01:33 (7), 10/14/2025 00:32 (1), 12/15/2025 02:00 (1)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.