CVE-2024-56600
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: inet6: do not leave a dangling sk pointer in inet6_create()
sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later.
Clear the sock sk pointer on error.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < f2709d1271cfdf55c670ab5c5982139ab627ddc7 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 35360255ca30776dee34d9fa764cffa24d0a5f65 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 276a473c956fb55a6f3affa9ff232e10fffa7b43 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 79e16a0d339532ea832d85798eb036fc4f9e0cea | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 706b07b7b37f886423846cb38919132090bc40da | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < f44fceb71d72d29fb00e0ac84cdf9c081b03cd06 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9df99c395d0f55fb444ef39f4d6f194ca437d884 | affected |
| Linux | Linux | 2.6.12 | affected |
| Linux | Linux | 0 < 2.6.12 | unaffected |
| Linux | Linux | 5.4.287 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.231 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.174 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.120 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.66 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.5 <= 6.12.* | unaffected |
| Linux | Linux | 6.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
References
- https://git.kernel.org/stable/c/f2709d1271cfdf55c670ab5c5982139ab627ddc7
- https://git.kernel.org/stable/c/35360255ca30776dee34d9fa764cffa24d0a5f65
- https://git.kernel.org/stable/c/276a473c956fb55a6f3affa9ff232e10fffa7b43
- https://git.kernel.org/stable/c/79e16a0d339532ea832d85798eb036fc4f9e0cea
- https://git.kernel.org/stable/c/706b07b7b37f886423846cb38919132090bc40da
- https://git.kernel.org/stable/c/f44fceb71d72d29fb00e0ac84cdf9c081b03cd06
- https://git.kernel.org/stable/c/9df99c395d0f55fb444ef39f4d6f194ca437d884
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.