PT-2024-36954 · Linux+10 · Linux Kernel+10
Syzbot
·
Published
2024-11-05
·
Updated
2026-05-28
·
CVE-2024-56645
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
A vulnerability in the Linux kernel has been resolved, related to the
j1939 session new() function, which fixes skb reference counting. The issue arises because j1939 session skb queue() performs an extra skb get() for each new skb, and the same needs to be done for the initial one in j1939 session new() to avoid refcount underflow.Recommendations
For versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the
j1939 session new() function until a patch is available.Exploit
Fix
Integer Underflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu