CVE-2024-56646

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0

Description A NULL pointer dereference vulnerability was found in the Linux kernel's modify prefix route() function, caused by a fib6 info without a fib6 table pointer set. This can happen for net->ipv6.fib6 null entry. The vulnerability may lead to a general protection fault, likely due to a non-canonical address.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, for Linux kernel versions prior to 6.12.0, update to version 6.12.0 or later. As a temporary workaround, consider disabling the modify prefix route() function until a patch is available. However, this may have unintended consequences and should be done with caution.

Note: The provided information does not specify the exact version that fixes the vulnerability, but it is mentioned that the issue is resolved in the Linux kernel. Therefore, updating to the latest version available is recommended.