In the Linux kernel, the following vulnerability has been resolved: rxrpc: only handle RESPONSE during service challenge Only process RESPONSE packets while the service connection is still in RXRPC_CONN_SERVICE_CHALLENGING. Check that state under state_lock before running response verification and security initialization, then use a local secured flag to decide whether to queue the secured-connection work after the state transition. This keeps duplicate or late RESPONSE packets from re-running the setup path and removes the unlocked post-transition state test.
| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 7.5 | High | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Product | Vendor | Version |
|---|---|---|
| Linux | Linux | 10 Version 1709 for ARM64-based Systems |
| Linux | Linux | 2016 (32-bit edition) |
| Linux | Linux | < publication |
| Linux | Linux | 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions |