PT-2024-36909 · Linux+8 · Linux Kernel+8

Ignat Korchagin

Published

2024-10-15

Updated

2025-11-18

CVE-2024-56601

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description A vulnerability in the Linux kernel has been resolved, where the inet create() function could leave a dangling sk pointer. The sock init data() function attaches the allocated sk object to the provided sock object. If inet create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create a use-after-free issue later. The fix involves clearing the sk pointer in the sock object on error.

Recommendations For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider implementing custom error handling to clear the sk pointer in the sock object when inet create() fails.

Exploit

Fix

Use After Free

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-415

Related Identifiers

ALT-PU-2024-17881

ALT-PU-2024-17897

ALT-PU-2025-12647

AZL-55539

AZL-55584

BDU:2025-03597

CVE-2024-56601

DLA-4075-1

DLA-4076-1

INFSA-2025_6966

MGASA-2025-0030

MGASA-2025-0032

OESA-2025-1158

OESA-2025-1162

OESA-2025-1286

OPENSUSE-SU-2025_0428-1

OPENSUSE-SU-2025_0499-1

OPENSUSE-SU-2025_0517-1

OPENSUSE-SU-2025_0517-2

OPENSUSE-SU-2025_0556-1

OPENSUSE-SU-2025_0557-1

OPENSUSE-SU-2025_0576-1

OPENSUSE-SU-2025_0577-1

OPENSUSE-SU-2025_0771-1

RHSA-2025:6966

RHSA-2025_6966

SUSE-SU-2025:02069-1

SUSE-SU-2025:02070-1

SUSE-SU-2025:02071-1

SUSE-SU-2025:02072-1

SUSE-SU-2025:02073-1

SUSE-SU-2025:02075-1

SUSE-SU-2025:02076-1

SUSE-SU-2025:02077-1

SUSE-SU-2025:02087-1

SUSE-SU-2025:02095-1

SUSE-SU-2025:02096-1

SUSE-SU-2025:02101-1

SUSE-SU-2025:02106-1

SUSE-SU-2025:02107-1

SUSE-SU-2025:02108-1

SUSE-SU-2025:02110-1

SUSE-SU-2025:02111-1

SUSE-SU-2025:02112-1

SUSE-SU-2025:02113-1

SUSE-SU-2025:02116-1

SUSE-SU-2025:02117-1

SUSE-SU-2025:02124-1

SUSE-SU-2025:02125-1

SUSE-SU-2025:02126-1

SUSE-SU-2025:02127-1

SUSE-SU-2025:02128-1

SUSE-SU-2025:02131-1

SUSE-SU-2025:02132-1

SUSE-SU-2025:02134-1

SUSE-SU-2025:02136-1

SUSE-SU-2025:02138-1

SUSE-SU-2025:02139-1

SUSE-SU-2025:02140-1

SUSE-SU-2025:02142-1

SUSE-SU-2025:02144-1

SUSE-SU-2025:02145-1

SUSE-SU-2025:02154-1

SUSE-SU-2025:02155-1

SUSE-SU-2025:02156-1

SUSE-SU-2025:02157-1

SUSE-SU-2025:02161-1

SUSE-SU-2025:02162-1

SUSE-SU-2025:02171-1

SUSE-SU-2025:0428-1

SUSE-SU-2025:0499-1

SUSE-SU-2025:0555-1

SUSE-SU-2025:0556-1

SUSE-SU-2025:0557-1

SUSE-SU-2025:0564-1

SUSE-SU-2025:0565-1

SUSE-SU-2025:0576-1

SUSE-SU-2025:0577-1

SUSE-SU-2025:0577-2

SUSE-SU-2025:0603-1

SUSE-SU-2025:0771-1

SUSE-SU-2025:0867-1

SUSE-SU-2025:20165-1

SUSE-SU-2025:20166-1

SUSE-SU-2025:20248-1

SUSE-SU-2025:20249-1

SUSE-SU-2025:20431-1

SUSE-SU-2025:20434-1

SUSE-SU-2025:20435-1

SUSE-SU-2025:20436-1

SUSE-SU-2025:20437-1

SUSE-SU-2025:20438-1

SUSE-SU-2025:20448-1

SUSE-SU-2025:20449-1

SUSE-SU-2025:20450-1

SUSE-SU-2025:20451-1

SUSE-SU-2025:4123-1

SUSE-SU-2025_0428-1

SUSE-SU-2025_0499-1

SUSE-SU-2025_0517-1

SUSE-SU-2025_0517-2

SUSE-SU-2025_0557-1

SUSE-SU-2025_0577-1

SUSE-SU-2025_0577-2

USN-7379-1

USN-7379-2

USN-7380-1

USN-7381-1

USN-7382-1

USN-7387-1

USN-7387-2

USN-7387-3

USN-7388-1

USN-7389-1

USN-7390-1

USN-7391-1

USN-7392-1

USN-7392-2

USN-7392-3

USN-7392-4

USN-7393-1

USN-7401-1

USN-7407-1

USN-7413-1

USN-7421-1

USN-7449-1

USN-7449-2

USN-7450-1

USN-7451-1

USN-7452-1

USN-7453-1

USN-7458-1

USN-7459-1

USN-7459-2

USN-7463-1

USN-7468-1

USN-7523-1

USN-7524-1

USN-7539-1

USN-7540-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Hat

Red Os

Suse

Ubuntu

PT-2024-36909 · Linux+8 · Linux Kernel+8

CVE-2024-56601

Weakness Enumeration

Related Identifiers

Affected Products

References · 3069