CVE-2024-56606

Summary

In the Linux kernel, the following vulnerability has been resolved:

af_packet: avoid erroring out after sock_init_data() in packet_create()

After sock_init_data() the allocated sk object is attached to the provided sock object. On error, packet_create() frees the sk object leaving the dangling pointer in the sock object on return. Some other code may try to use this pointer and cause use-after-free.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb013840810c221f2b0cf641d01531526052dc1fb < 71b22837a5e55ac27d6a14b9cdf2326587405c4faffected
LinuxLinuxb013840810c221f2b0cf641d01531526052dc1fb < 1dc1e1db927056cb323296e2294a855cd003dfe7affected
LinuxLinuxb013840810c221f2b0cf641d01531526052dc1fb < 132e615bb1d7cdec2d3cfbdec2efa630e923fd21affected
LinuxLinuxb013840810c221f2b0cf641d01531526052dc1fb < a6cf750b737374454a4e03a5ed449a3eb0c96414affected
LinuxLinuxb013840810c221f2b0cf641d01531526052dc1fb < 157f08db94123e2ba56877dd0ac88908b13a5dd0affected
LinuxLinuxb013840810c221f2b0cf641d01531526052dc1fb < fd09880b16d33aa5a7420578e01cd79148fa9829affected
LinuxLinuxb013840810c221f2b0cf641d01531526052dc1fb < 46f2a11cb82b657fd15bab1c47821b635e03838baffected
LinuxLinux3.14affected
LinuxLinux0 < 3.14unaffected
LinuxLinux5.4.287 <= 5.4.*unaffected
LinuxLinux5.10.231 <= 5.10.*unaffected
LinuxLinux5.15.174 <= 5.15.*unaffected
LinuxLinux6.1.120 <= 6.1.*unaffected
LinuxLinux6.6.66 <= 6.6.*unaffected
LinuxLinux6.12.5 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References