CVE-2024-58053: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-58053 affects the Linux kernel's rxrpc subsystem, specifically related to connection abort handling. The vulnerability was discovered and disclosed on March 6, 2025. The issue occurs in the handling of received connection aborts, where although the abort is propagated at the connection level, the calls on that connection aren't properly woken up to process their termination, resulting in hanging calls (NVD).

The vulnerability stems from a flaw in the rxrpc connection abort handling mechanism. When a connection abort is received, though the abort is propagated at the connection level, the calls on that connection aren't properly woken up to process their termination. As no further input is forthcoming, these calls enter a hanging state. The issue was traced back to the commit "rxrpc: Rewrite the data and ack handling code" and has been fixed by adding proper call wakeup mechanisms and connection abort tracing functionality (Kernel Commit).

The vulnerability can result in hanging calls within the Linux kernel's rxrpc subsystem when a connection abort is received, potentially affecting system stability and performance. The issue primarily impacts the connection termination process, where affected calls remain in an unresponsive state (Red Hat).

A fix has been implemented in the Linux kernel that properly handles connection aborts by ensuring calls are woken up to process their termination. The patch includes additional tracing functionality for connection abort logging. Users should update their Linux kernel to a version containing the fix (Kernel Commit).