CVE-2024-56658

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description A slab-use-after-free issue was reported in the Linux kernel, specifically in the dst destroy function. The problem occurs when the net structure is freed before all the dst callbacks are called, causing the dst->ops pointer to point to the old, already freed net->xfrm.xfrm[46] dst ops. This issue is related to the xfrm6 net init and xfrm4 net init functions, which copy the xfrm[46] dst ops template into net->xfrm.xfrm[46] dst ops. A fix is to queue the struct net to be freed after another cleanup net round.

Recommendations To resolve this issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the dst destroy function until a patch is available. Restrict access to the vulnerable net structure to minimize the risk of exploitation. Avoid using the xfrm[46] dst ops template in the affected xfrm6 net init and xfrm4 net init functions until the issue is resolved.