CVE-2024-56584

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description A vulnerability in the Linux kernel has been resolved, related to the io uring/tctx component. The issue arises when the xa store() function fails to allocate memory, causing the ->head to be non-NULL even though no entries exist in the xarray. This triggers a WARN ON ONCE() sanity check in the io uring free() function. The vulnerability was identified by syzbot, which injected memory allocation failures to test the kernel's behavior.

Recommendations For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider implementing a custom sanity check to iterate entries in the xarray and warn if any are found, similar to the workaround implemented in the resolved version.

Exploit

Fix

DoS

Resource Exhaustion

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-770

Related Identifiers

BDU:2025-07801

CVE-2024-56584

DLA-4076-1

MGASA-2025-0030

MGASA-2025-0032

OESA-2025-1032

OESA-2025-1033

OESA-2025-1035

OESA-2025-1036

OESA-2025-1037

OPENSUSE-SU-2025_0428-1

OPENSUSE-SU-2025_0499-1

OPENSUSE-SU-2025_0557-1

SUSE-SU-2025:0289-1

SUSE-SU-2025:0428-1

SUSE-SU-2025:0499-1

SUSE-SU-2025:0557-1

SUSE-SU-2025:20165-1

SUSE-SU-2025:20166-1

SUSE-SU-2025:20248-1

SUSE-SU-2025:20249-1

SUSE-SU-2025_0428-1

SUSE-SU-2025_0499-1

SUSE-SU-2025_0557-1

USN-7379-1

USN-7379-2

USN-7380-1

USN-7381-1

USN-7382-1

USN-7449-1

USN-7449-2

USN-7450-1

USN-7451-1

USN-7452-1

USN-7453-1

USN-7468-1

USN-7523-1

USN-7524-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2024-56584

Weakness Enumeration

Related Identifiers

Affected Products

References · 2554