CVE-2024-56642

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description A use-after-free vulnerability in the Linux kernel has been resolved. The issue occurred in the cleanup bearer() function, where the cleanup of the UDP kernel socket was deferred, leading to a use-after-free condition. This happened because the work decremented the count too early before releasing the kernel socket, unblocking cleanup net() and resulting in use-after-free. The vulnerability was reported by syzkaller and has been fixed by moving the decrement after releasing the socket in cleanup bearer().

Recommendations To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the tipc udp disable() function until a patch is available. Restrict access to the vulnerable cleanup bearer() function to minimize the risk of exploitation. Avoid using the udp sock create() function in the affected API endpoint until the issue is resolved.