PT-2024-5946 · Linux+7 · Linux Kernel+7
Eric Dumazet · Published 2024-08-21 · Updated 2026-03-14 · CVE-2024-44986
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.50
Description
The issue is a use-after-free in the ip6_finish_output2() function of the Linux kernel. This can lead to a denial of service. The problem occurs when skb_expand_head() returns NULL, indicating that the skb has been freed, and the associated dst/idev could also have been freed. To prevent this, it is necessary to hold rcu_read_lock() to ensure that the dst and associated idev are alive.
Recommendations
To resolve the issue, update to Linux kernel version 6.6.50 or later.
As a temporary workaround, consider restricting access to the ip6_finish_output2() function until a patch is available.
Exploit
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu