PT-2024-36923 · Linux+7 · Linux Kernel+7
Jordy Zomer · Published 2024-11-25 · Updated 2025-10-03 · CVE-2024-56615
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The issue is related to out-of-bounds (OOB) writes in the devmap when deleting elements. The index used for accessing map entries is a signed integer, which leads to the OOB writes. The fix changes the type from int to u32. Additionally, when the map is released from the system via dev_map_free(), the iterator variable is also an int, which implies OOB accesses, so it also needs to be changed to u32.
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider restricting access to the dev_map_free() function until a patch is available.
Exploit
Fix
Memory Corruption
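The signed-index flaw from the Description, as an added example rather than kernel source or code from this advisory: a simplified user-space model that computes the index each variant would use, without touching memory. The shape of the bounds check (`k >= max_entries`), the function names and the sample values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model, not kernel source. Function names and the
 * shape of the bounds check are assumptions made for illustration. */
#define REJECTED INT64_MIN

/* Pre-fix pattern: the key is held in a signed int. Returns the array
 * index that would be used, or REJECTED if the bounds check fails. */
int64_t index_signed(uint32_t key, uint32_t max_entries)
{
    int k = (int)key;        /* keys above INT_MAX become negative */
    if (k >= max_entries)    /* k is implicitly converted to unsigned here */
        return REJECTED;
    return (int64_t)k;       /* but the array is indexed with the signed value */
}

/* Fixed pattern: the key stays a u32 from check to use. */
int64_t index_fixed(uint32_t key, uint32_t max_entries)
{
    uint32_t k = key;
    if (k >= max_entries)
        return REJECTED;
    return (int64_t)k;
}

/* An index is safe only if it lies in [0, max_entries). */
int in_bounds(int64_t idx, uint32_t max_entries)
{
    return idx >= 0 && idx < (int64_t)max_entries;
}

int main(void)
{
    /* Constructed values: a map sized above INT_MAX, a key with the top bit set. */
    uint32_t max_entries = 0x80000001u, key = 0x80000000u;
    int64_t s = index_signed(key, max_entries);
    int64_t u = index_fixed(key, max_entries);

    printf("int index: %lld, in bounds: %d\n", (long long)s, in_bounds(s, max_entries));
    printf("u32 index: %lld, in bounds: %d\n", (long long)u, in_bounds(u, max_entries));
    return 0;
}
```

With an ordinary small map both variants reject the same oversized keys; the two only diverge once `max_entries` exceeds `INT_MAX`, which is why the type change alone closes the gap.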
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu