CVE-2024-56602

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

sock_init_data() attaches the allocated sk object to the provided sock object. If ieee802154_create() fails later, the allocated sk object is freed, but the dangling pointer remains in the provided sock object, which may allow use-after-free.

Clear the sk pointer in the sock object on error.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9ec7671603573ede31207eb5b0b3e1aa211b2854 < 1d5fe782c0ff068d80933f9cfd0fd39d5434bbc9affected
LinuxLinux9ec7671603573ede31207eb5b0b3e1aa211b2854 < 14959fd7538b3be6d7617d9e60e404d6a8d4fd1faffected
LinuxLinux9ec7671603573ede31207eb5b0b3e1aa211b2854 < 2b46994a6e76c8cc5556772932b9b60d03a55cd8affected
LinuxLinux9ec7671603573ede31207eb5b0b3e1aa211b2854 < e8bd6c5f5dc2234b4ea714380aedeea12a781754affected
LinuxLinux9ec7671603573ede31207eb5b0b3e1aa211b2854 < b4982fbf13042e3bb33e04eddfea8b1506b5ea65affected
LinuxLinux9ec7671603573ede31207eb5b0b3e1aa211b2854 < 03caa9bfb9fde97fb53d33decd7364514e6825cbaffected
LinuxLinux9ec7671603573ede31207eb5b0b3e1aa211b2854 < b4fcd63f6ef79c73cafae8cf4a114def5fc3d80daffected
LinuxLinux2.6.31affected
LinuxLinux0 < 2.6.31unaffected
LinuxLinux5.4.287 <= 5.4.*unaffected
LinuxLinux5.10.231 <= 5.10.*unaffected
LinuxLinux5.15.174 <= 5.15.*unaffected
LinuxLinux6.1.120 <= 6.1.*unaffected
LinuxLinux6.6.66 <= 6.6.*unaffected
LinuxLinux6.12.5 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References