CVE-2024-26677

NameCVE-2024-26677
DescriptionIn the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.249-2vulnerable
buster (security)4.19.304-1vulnerable
bullseye5.10.209-2vulnerable
bullseye (security)5.10.205-2vulnerable
bookworm6.1.76-1vulnerable
bookworm (security)6.1.85-1vulnerable
trixie6.6.15-2vulnerable
sid6.7.9-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)6.7.7-1

Notes

https://git.kernel.org/linus/e7870cf13d20f56bfc19f9c3e89707c69cf104ef (6.8-rc4)

Search for package or bug name: Reporting problems