CVE-2024-56600

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: inet6: do not leave a dangling sk pointer in inet6_create()

sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later.

Clear the sock sk pointer on error.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < f2709d1271cfdf55c670ab5c5982139ab627ddc7affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 35360255ca30776dee34d9fa764cffa24d0a5f65affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 276a473c956fb55a6f3affa9ff232e10fffa7b43affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 79e16a0d339532ea832d85798eb036fc4f9e0ceaaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 706b07b7b37f886423846cb38919132090bc40daaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < f44fceb71d72d29fb00e0ac84cdf9c081b03cd06affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9df99c395d0f55fb444ef39f4d6f194ca437d884affected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux5.4.287 <= 5.4.*unaffected
LinuxLinux5.10.231 <= 5.10.*unaffected
LinuxLinux5.15.174 <= 5.15.*unaffected
LinuxLinux6.1.120 <= 6.1.*unaffected
LinuxLinux6.6.66 <= 6.6.*unaffected
LinuxLinux6.12.5 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References