PT-2024-32758 · Linux+3 · Linux Kernel+3

Syzbot

·

Published

2024-09-09

·

Updated

2025-09-29

·

CVE-2024-47711

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A use-after-free issue has been identified in the Linux kernel, specifically in the af unix module. The problem arises when the manage oob() function returns an out-of-band (OOB) socket buffer (skb) that has already been consumed, but the unix sk(sk)->oob skb pointer is not cleared. This can lead to a situation where the unix sk(sk)->oob skb is used after it has been freed, resulting in a use-after-free error. The issue was discovered by syzbot and is related to the unix stream recv urg() function. The estimated number of potentially affected devices is not provided, and there is no information about real-world incidents where this issue was exploited.
Technical details about exploitation include:
  • The manage oob() function is vulnerable.
  • The unix stream recv urg() function is affected.
  • The unix sk(sk)->oob skb pointer is not properly cleared.
  • The issue can be triggered by a sequence of send(MSG OOB) and recv(MSG OOB) calls.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-17211
BDU:2025-07239
CVE-2024-47711
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2025:14705-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7383-1
USN-7383-2
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1
USN-7451-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Ubuntu