PT-2024-36947 · Linux+2 · Linux Kernel+2
Syzbot · Published 2024-12-03 · Updated 2026-05-26 · CVE-2024-56639
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.12.0
Description
A vulnerability in the Linux kernel has been resolved, related to the High-availability Seamless Redundancy (HSR) protocol. The issue arises from the hsr_init_skb() function not allocating sufficient bytes for RedBox support, leading to a potential crash when send_hsr_supervision_frame() attempts to add additional components. This results in a kernel bug, as reported by syzbot, with symptoms including an invalid opcode and a crash. The vulnerability is related to the hsr_init_skb(), send_hsr_supervision_frame(), and hsr_proxy_announce() functions.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Resource Release
Resource Exhaustion
Allocation of Resources Without Limits
Related Identifiers
Affected Products
Linuxmint
Linux Kernel
Ubuntu