PT-2024-36943 · Linux+4 · Linux Kernel+4
Syzbot · Published 2024-12-05 · Updated 2025-10-03 · CVE-2024-56635
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The issue is a race between device and netns dismantles, which can lead to a potential use-after-free (UAF) in the default_operstate() function. This occurs after calling rtnl_unlock() from netdev_run_todo(), where it cannot be assumed that the netns of each device is still alive. The problem is mitigated by ensuring the device is not in the NETREG_UNREGISTERED state and adding an ASSERT_RTNL() before the call to __dev_get_by_index().
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the default_operstate() function until a patch is available. Restrict access to the vulnerable __dev_get_by_index() function to minimize the risk of exploitation. Avoid using the netdev_run_todo() function in conjunction with rtnl_unlock() until the issue is resolved.
Exploit
Fix
Use After Free
Race Condition
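The guard named in the description (return early for a device in the NETREG_UNREGISTERED state, before anything dereferences its netns) can be seen in a small user-space model. This is an added example, not kernel source or code from this advisory: the struct layouts, lookup_by_index(), default_operstate_model(), scenario() and the netns_lookups counter are assumptions made for illustration, and RTNL locking is not modelled.

```c
#include <stdio.h>

/* Simplified user-space model, constructed for illustration; not kernel source. */
enum reg_state { NETREG_REGISTERED, NETREG_UNREGISTERED };
enum operstate { IF_OPER_DOWN, IF_OPER_LOWERLAYERDOWN, IF_OPER_UP };
struct net;
struct net_device {
    int ifindex, iflink, carrier_ok;
    enum reg_state reg_state;
    struct net *net;              /* dangles once the namespace is dismantled */
};
struct net { struct net_device *devs[4]; int ndev; };
static int netns_lookups;         /* how often dev->net was dereferenced */
static struct net_device *lookup_by_index(struct net *net, int ifindex)
{
    netns_lookups++;
    for (int i = 0; i < net->ndev; i++)
        if (net->devs[i]->ifindex == ifindex)
            return net->devs[i];
    return NULL;
}

static enum operstate default_operstate_model(const struct net_device *dev)
{
    if (dev->carrier_ok)
        return IF_OPER_UP;
    /* Guard: an unregistered device may outlive its netns; never touch dev->net. */
    if (dev->reg_state == NETREG_UNREGISTERED || dev->iflink == dev->ifindex)
        return IF_OPER_DOWN;
    struct net_device *peer = lookup_by_index(dev->net, dev->iflink);
    return (peer && !peer->carrier_ok) ? IF_OPER_LOWERLAYERDOWN : IF_OPER_DOWN;
}
/* Constructed scenario: device 2 stacked on 1, no carrier; NULL net = freed netns. */
static enum operstate scenario(enum reg_state st)
{
    struct net_device lower = { .ifindex = 1, .iflink = 1 };
    struct net ns = { .devs = { &lower }, .ndev = 1 };
    struct net_device upper = { .ifindex = 2, .iflink = 1, .reg_state = st,
                                .net = st == NETREG_UNREGISTERED ? NULL : &ns };
    netns_lookups = 0;
    return default_operstate_model(&upper);
}

int main(void)
{
    int reg = scenario(NETREG_REGISTERED), unreg = scenario(NETREG_UNREGISTERED);
    printf("registered=%d unregistered=%d lookups=%d\n", reg, unreg, netns_lookups);
    return 0;
}
```

In the unregistered case the model answers IF_OPER_DOWN with zero namespace lookups; without the state check the same call would dereference the stale net pointer.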
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Linux Kernel
Suse
Ubuntu