CVE-2024-26677: rxrpc: Fix delayed ACKs to not set the reference serial number
Description
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix delayed ACKs to not set the reference serial number
Fix the construction of delayed ACKs to not set the reference serial number
as they can't be used as an RTT reference.
Classification
CVE ID: CVE-2024-26677
Affected Products
Vendor: Linux
Product: Linux
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 17.81% (scored less or equal to compared to others)
EPSS Date: 2025-02-03 (when was this score calculated)
References
https://git.kernel.org/stable/c/200cb50b9e154434470c8969d32474d38475acc2https://git.kernel.org/stable/c/63719f490e6a89896e9a463d2b45e8203eab23ae
https://git.kernel.org/stable/c/e7870cf13d20f56bfc19f9c3e89707c69cf104ef