PT-2024-36911 · Linux+10 · Linux Kernel+10
Ignat Korchagin · Published 2024-10-15 · Updated 2026-05-20
CVE-2024-56603
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
A vulnerability in the Linux kernel has been resolved, specifically in the can_create() function. On error, can_create() frees the allocated sk object, but sock_init_data() has already attached it to the provided sock object. This leaves a dangling sk pointer in the sock object and may cause use-after-free later.
Recommendations
For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider restricting access to the can_create() function until a patch is available. Avoid using the sk object in the affected can_create() function until the issue is resolved.
Exploit
Fix
DoS
Use After Free
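The error path from the Description, modelled in userspace as an added example (not kernel code and not taken from this advisory). The `model_*` names, the static pool and the `clear_on_error` switch are assumptions made for illustration; the corrected branch shows one way to keep the sock object from holding a stale reference.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: hypothetical stand-ins, not kernel structures.
 * A static pool with a "live" flag replaces the allocator so that looking
 * at a stale pointer in this model is well defined. */
struct model_sk { int live; };
struct model_socket { struct model_sk *sk; };

static struct model_sk pool[4];
static size_t pool_next;

static struct model_sk *model_sk_alloc(void) {
    if (pool_next >= sizeof(pool) / sizeof(pool[0])) return NULL;
    struct model_sk *sk = &pool[pool_next++];
    sk->live = 1;
    return sk;
}

static void model_sk_free(struct model_sk *sk) { sk->live = 0; }

/* Plays the role sock_init_data() has in the description: attach sk to sock. */
static void model_init_data(struct model_socket *sock, struct model_sk *sk) { sock->sk = sk; }

/* Create path whose protocol init step fails (init_err != 0) after the attach.
 * clear_on_error = 0 models the flawed error path, 1 the corrected one. */
static int model_create(struct model_socket *sock, int init_err, int clear_on_error) {
    struct model_sk *sk = model_sk_alloc();
    if (!sk) return -1;
    model_init_data(sock, sk);
    if (init_err) {
        model_sk_free(sk);        /* object released on error ...        */
        if (clear_on_error)
            sock->sk = NULL;      /* ... and the stale reference dropped */
    }
    return init_err;
}

/* Invariant later code relies on: sock->sk is NULL or points to a live object. */
static int model_is_dangling(const struct model_socket *sock) {
    return sock->sk != NULL && !sock->sk->live;
}

int main(void) {
    struct model_socket a = { NULL }, b = { NULL };
    model_create(&a, -22, 0);     /* -22 is a constructed error value */
    model_create(&b, -22, 1);
    printf("flawed: dangling=%d, corrected: dangling=%d\n", model_is_dangling(&a), model_is_dangling(&b));
    return 0;
}
```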
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu