From this webpage screenshot, we can extract the following key information about the vulnerability: 1. Vulnerability Description: - Type: UAF (Use After Free). - Trigger Condition: In the function, when one thread is constructing an skb (socket buffer) of type MSG_MORE, another thread may block in , causing the skb to be placed in the write queue. When the first thread releases the skb, it may lead to a double-free (double release). 2. Trigger Scenario: - 1. Thread A constructs an skb and sets . - 2. Thread A resumes construction from but gets blocked by . - 3. Thread B calls and completes construction, placing the skb into the write queue. - 4. Thread A handles an error and frees the skb that has already been placed in the write queue. - 5. The function frees the skb in the write queue. 3. Mitigation: - Added a per-sk mutex and serialized the function. 4. Code Changes: - Modified the in by adding the field. - Modified the function in to include mutex operations on . 5. Patch Link: - Patch Link 6. Reporting and Testing: - The vulnerability was reported by syzkaller and verified to be fixed in kernel version 6.8.0-rc5. 7. Fixer: - The fix was contributed by Kuniyuki Iwashima. This information helps in understanding the vulnerability’s trigger conditions, mitigation approach, and associated code changes.