{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-35890",
        "ASSIGNER": "cve@kernel.org",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngro: fix ownership transfer\n\nIf packets are GROed with fraglist they might be segmented later on and\ncontinue their journey in the stack. In skb_segment_list those skbs can\nbe reused as-is. This is an issue as their destructor was removed in\nskb_gro_receive_list but not the reference to their socket, and then\nthey can't be orphaned. Fix this by also removing the reference to the\nsocket.\n\nFor example this could be observed,\n\n  kernel BUG at include/linux/skbuff.h:3131!  (skb_orphan)\n  RIP: 0010:ip6_rcv_core+0x11bc/0x19a0\n  Call Trace:\n   ipv6_list_rcv+0x250/0x3f0\n   __netif_receive_skb_list_core+0x49d/0x8f0\n   netif_receive_skb_list_internal+0x634/0xd40\n   napi_complete_done+0x1d2/0x7d0\n   gro_cell_poll+0x118/0x1f0\n\nA similar construction is found in skb_gro_receive, apply the same\nchange there."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "n/a"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Linux",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Linux",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "5e10da5385d2",
                                            "version_value": "d225b0ac96dc"
                                        },
                                        {
                                            "version_value": "not down converted",
                                            "x_cve_json_5_version_data": {
                                                "versions": [
                                                    {
                                                        "version": "5.15",
                                                        "status": "affected"
                                                    },
                                                    {
                                                        "version": "0",
                                                        "lessThan": "5.15",
                                                        "status": "unaffected",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "version": "5.15.154",
                                                        "lessThanOrEqual": "5.15.*",
                                                        "status": "unaffected",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "version": "6.1.85",
                                                        "lessThanOrEqual": "6.1.*",
                                                        "status": "unaffected",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "version": "6.6.26",
                                                        "lessThanOrEqual": "6.6.*",
                                                        "status": "unaffected",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "version": "6.8.5",
                                                        "lessThanOrEqual": "6.8.*",
                                                        "status": "unaffected",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "version": "6.9",
                                                        "lessThanOrEqual": "*",
                                                        "status": "unaffected",
                                                        "versionType": "original_commit_for_fix"
                                                    }
                                                ],
                                                "defaultStatus": "affected"
                                            }
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://git.kernel.org/stable/c/d225b0ac96dc40d7e8ae2bc227eb2c56e130975f",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/d225b0ac96dc40d7e8ae2bc227eb2c56e130975f"
            },
            {
                "url": "https://git.kernel.org/stable/c/2eeab8c47c3c0276e0746bc382f405c9a236a5ad",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/2eeab8c47c3c0276e0746bc382f405c9a236a5ad"
            },
            {
                "url": "https://git.kernel.org/stable/c/fc126c1d51e9552eacd2d717b9ffe9262a8a4cd6",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/fc126c1d51e9552eacd2d717b9ffe9262a8a4cd6"
            },
            {
                "url": "https://git.kernel.org/stable/c/5b3b67f731296027cceb3efad881ae281213f86f",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/5b3b67f731296027cceb3efad881ae281213f86f"
            },
            {
                "url": "https://git.kernel.org/stable/c/ed4cccef64c1d0d5b91e69f7a8a6697c3a865486",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/ed4cccef64c1d0d5b91e69f7a8a6697c3a865486"
            }
        ]
    },
    "generator": {
        "engine": "bippy-a5840b7849dd"
    }
}