PT-2024-36939 · Linux+8 · Linux Kernel+8

Syzbot

·

Published

2024-12-04

·

Updated

2025-10-03

·

CVE-2024-56631

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74
Description A use-after-free bug was found in the sg release() function, which can cause a slab-use-after-free error. The bug occurs when the kref put() function is called before releasing the open rel lock mutex, potentially decrementing the reference count of sfp to zero and triggering its cleanup. This can lead to references to sfp or sdp after the reference count is decremented, resulting in a use-after-free error. The fix involves moving the kref put() call after unlocking the open rel lock mutex to ensure proper sequencing of resource cleanup and mutex operations.
Recommendations To resolve the issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider restricting access to the sg release() function until a patch is available. Additionally, avoid using the kref put() function before releasing the open rel lock mutex to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2024-17881
ALT-PU-2024-17897
ALT-PU-2025-12647
AZL-55180
AZL-55229
BDU:2025-04677
CVE-2024-56631
DLA-4075-1
DLA-4076-1
DSA-5860-1
INFSA-2025_6966
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1065
OESA-2025-1066
OESA-2025-1078
OESA-2025-1079
OESA-2025-1094
OPENSUSE-SU-2025_0202-1
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0556-1
OPENSUSE-SU-2025_0557-1
OPENSUSE-SU-2025_0576-1
OPENSUSE-SU-2025_0577-1
RHSA-2025:6966
RHSA-2025_6966
SUSE-SU-2025:0202-1
SUSE-SU-2025:0230-1
SUSE-SU-2025:0236-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0555-1
SUSE-SU-2025:0556-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:0576-1
SUSE-SU-2025:0577-1
SUSE-SU-2025:0577-2
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0202-1
SUSE-SU-2025_0236-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
SUSE-SU-2025_0577-1
SUSE-SU-2025_0577-2
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7391-1
USN-7392-1
USN-7392-2
USN-7392-3
USN-7392-4
USN-7393-1
USN-7401-1
USN-7407-1
USN-7413-1
USN-7421-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7463-1
USN-7468-1
USN-7496-1
USN-7496-2
USN-7496-3
USN-7496-4
USN-7496-5
USN-7506-1
USN-7506-2
USN-7506-3
USN-7506-4
USN-7523-1
USN-7524-1
USN-7539-1
USN-7540-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu