PT-2024-36952 · Linux+7 · Linux Kernel+7
Published
2024-11-26
·
Updated
2025-10-03
·
CVE-2024-56643
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
A memory leak issue has been resolved in the Linux kernel. The problem occurs when
dccp feat push confirm() fails after a new value for the SP feature is accepted without reconciliation, causing memory allocated with dccp feat clone sp val() to never be freed. This issue was found by the Linux Verification Center with Syzkaller.Recommendations
To resolve this issue, update to Linux kernel version 6.6.74 or later.
As a temporary workaround, consider disabling the
dccp feat change recv function until a patch is available.
Restrict access to the vulnerable dccp module to minimize the risk of exploitation.
Avoid using the dccp feat clone sp val function in the affected API endpoint until the issue is resolved.Exploit
Fix
Memory Leak
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu