PT-2024-36908 · Linux+8 · Linux Kernel+8

Ignat Korchagin

Published

2024-10-15

Updated

2025-11-18

CVE-2024-56600

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description A vulnerability in the Linux kernel has been resolved, where the inet6 create() function did not properly clear a dangling sk pointer. The sock init data() function attaches the allocated sk pointer to the provided sock object. If inet6 create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause a use-after-free error later.

Recommendations For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider implementing custom error handling to clear the sk pointer in case of an error in inet6 create(). Restrict access to the inet6 create() function to minimize the risk of exploitation until the update is applied.

Exploit

Fix

Use After Free

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-415

Related Identifiers

ALT-PU-2024-17881

ALT-PU-2024-17897

ALT-PU-2025-12647

AZL-55491

AZL-55576

BDU:2025-03600

CVE-2024-56600

DLA-4075-1

DLA-4076-1

INFSA-2025_6966

MGASA-2025-0030

MGASA-2025-0032

OESA-2025-1158

OESA-2025-1162

OESA-2025-1286

OESA-2025-1450

OPENSUSE-SU-2025_0428-1

OPENSUSE-SU-2025_0499-1

OPENSUSE-SU-2025_0517-1

OPENSUSE-SU-2025_0517-2

OPENSUSE-SU-2025_0556-1

OPENSUSE-SU-2025_0557-1

OPENSUSE-SU-2025_0576-1

OPENSUSE-SU-2025_0577-1

OPENSUSE-SU-2025_0771-1

OPENSUSE-SU-2025_1207-1

OPENSUSE-SU-2025_1213-1

OPENSUSE-SU-2025_1214-1

OPENSUSE-SU-2025_1225-1

OPENSUSE-SU-2025_1232-1

OPENSUSE-SU-2025_1238-1

OPENSUSE-SU-2025_1248-1

OPENSUSE-SU-2025_1252-1

OPENSUSE-SU-2025_1254-1

OPENSUSE-SU-2025_1257-1

OPENSUSE-SU-2025_1259-1

OPENSUSE-SU-2025_1260-1

OPENSUSE-SU-2025_1262-1

OPENSUSE-SU-2025_1275-1

OPENSUSE-SU-2025_1276-1

RHSA-2025:6966

RHSA-2025_6966

SUSE-SU-2025:0428-1

SUSE-SU-2025:0499-1

SUSE-SU-2025:0555-1

SUSE-SU-2025:0556-1

SUSE-SU-2025:0557-1

SUSE-SU-2025:0564-1

SUSE-SU-2025:0565-1

SUSE-SU-2025:0576-1

SUSE-SU-2025:0577-1

SUSE-SU-2025:0577-2

SUSE-SU-2025:0603-1

SUSE-SU-2025:0771-1

SUSE-SU-2025:0867-1

SUSE-SU-2025:1207-1

SUSE-SU-2025:1213-1

SUSE-SU-2025:1214-1

SUSE-SU-2025:1225-1

SUSE-SU-2025:1231-1

SUSE-SU-2025:1232-1

SUSE-SU-2025:1236-1

SUSE-SU-2025:1238-1

SUSE-SU-2025:1248-1

SUSE-SU-2025:1252-1

SUSE-SU-2025:1254-1

SUSE-SU-2025:1257-1

SUSE-SU-2025:1259-1

SUSE-SU-2025:1260-1

SUSE-SU-2025:1262-1

SUSE-SU-2025:1275-1

SUSE-SU-2025:1276-1

SUSE-SU-2025:1278-1

SUSE-SU-2025:20165-1

SUSE-SU-2025:20166-1

SUSE-SU-2025:20187-1

SUSE-SU-2025:20191-1

SUSE-SU-2025:20248-1

SUSE-SU-2025:20249-1

SUSE-SU-2025:20284-1

SUSE-SU-2025:20341-1

SUSE-SU-2025:20369-1

SUSE-SU-2025:4123-1

SUSE-SU-2025_0428-1

SUSE-SU-2025_0499-1

SUSE-SU-2025_0517-1

SUSE-SU-2025_0517-2

SUSE-SU-2025_0557-1

SUSE-SU-2025_0577-1

SUSE-SU-2025_0577-2

USN-7379-1

USN-7379-2

USN-7380-1

USN-7381-1

USN-7382-1

USN-7387-1

USN-7387-2

USN-7387-3

USN-7388-1

USN-7389-1

USN-7390-1

USN-7391-1

USN-7392-1

USN-7392-2

USN-7392-3

USN-7392-4

USN-7393-1

USN-7401-1

USN-7407-1

USN-7413-1

USN-7415-1

USN-7421-1

USN-7428-1

USN-7428-2

USN-7429-1

USN-7429-2

USN-7449-1

USN-7449-2

USN-7450-1

USN-7451-1

USN-7452-1

USN-7453-1

USN-7458-1

USN-7459-1

USN-7459-2

USN-7463-1

USN-7468-1

USN-7523-1

USN-7524-1

USN-7539-1

USN-7540-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Hat

Red Os

Suse

Ubuntu

PT-2024-36908 · Linux+8 · Linux Kernel+8

CVE-2024-56600

Weakness Enumeration

Related Identifiers

Affected Products

References · 3158