PT-2024-36910 · Linux+8 · Linux Kernel+8
Ignat Korchagin · Published 2024-10-15 · Updated 2025-10-31
CVE-2024-56602
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
A vulnerability in the net: ieee802154 module of the Linux kernel has been resolved. When the ieee802154_create() function fails, the allocated sk object is freed, but a dangling pointer to it remains in the provided sock object. This may allow use-after-free. The pointer is there because the sock_init_data() function attaches the allocated sk object to the provided sock object.
Recommendations
For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider implementing error handling to clear the sk pointer in the sock object on error, similar to the fix applied in the resolved version.
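The failure path described above, and the fix of clearing the sk pointer on error, as an added userspace C model (not kernel code and not part of the original advisory). Every `model_*` name and the `sock_has_dangling_sk()` helper are hypothetical stand-ins, and a static pool replaces the real allocator so the freed object can be inspected safely.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: these types stand in for the sk and sock objects. */
struct model_sk   { int alive; };
struct model_sock { struct model_sk *sk; };

/* Static pool so a "freed" slot stays readable and the check below is well defined. */
static struct model_sk pool[4];

static struct model_sk *model_sk_alloc(void) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].alive) { pool[i].alive = 1; return &pool[i]; }
    return NULL;
}

static void model_sk_free(struct model_sk *sk) { sk->alive = 0; }

/* Models the init step that attaches the allocated sk to the caller's sock. */
static void model_init_data(struct model_sock *sock, struct model_sk *sk) {
    sock->sk = sk;
}

/* Models a create() whose late step can fail after the attach.
 * clear_on_error = 0: behaviour described as vulnerable (pointer left behind).
 * clear_on_error = 1: behaviour described as fixed (pointer cleared on error). */
static int model_create(struct model_sock *sock, int late_step_fails, int clear_on_error) {
    struct model_sk *sk = model_sk_alloc();
    if (!sk)
        return -1;
    model_init_data(sock, sk);
    if (late_step_fails) {
        model_sk_free(sk);
        if (clear_on_error)
            sock->sk = NULL;   /* the fix: no reference to the freed object survives */
        return -1;
    }
    return 0;
}

/* Returns 1 if sock still references an sk that has been freed. */
static int sock_has_dangling_sk(const struct model_sock *sock) {
    return sock->sk != NULL && !sock->sk->alive;
}

int main(void) {
    struct model_sock unfixed = {0}, fixed = {0};
    model_create(&unfixed, 1, 0);
    model_create(&fixed, 1, 1);
    printf("unfixed dangling=%d, fixed dangling=%d\n",
           sock_has_dangling_sk(&unfixed), sock_has_dangling_sk(&fixed));
    return 0;
}
```

In the unfixed case the caller receives an error yet still holds a sock whose sk field points at released memory, which is the state any later code path touching that field would act on.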
Exploit
Fix
Use After Free
Double Free
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu