PT-2024-6978 · Linux+10 · Linux Kernel+10

Ignat Korchagin

+1

·

Published

2024-06-20

·

Updated

2026-05-26

·

CVE-2024-40954

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.10.0-rc2+
Description The vulnerability is related to a use-after-free issue in the Linux kernel's networking code. It can be triggered by attaching an fentry probe to sock release() and the probe calling the bpf get socket cookie() helper, or by running traceroute -I 1.1.1.1 on a freshly booted VM. A KASAN enabled kernel will log a slab-use-after-free error in sock gen cookie(). The issue is caused by a dangling sk pointer when socket creation fails.
To exploit this vulnerability, an attacker would need to be able to run privileged commands on the system, such as attaching an fentry probe or running traceroute with specific options. The vulnerability could potentially allow an attacker to gain elevated privileges or disrupt system operation.
Recommendations To resolve this issue, it is recommended to update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, the fix involves clearing the struct socket reference in sk common release() to cover all protocol families create functions.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2024:5363
ALSA-2024:7000
ALSA-2024:7001
ALSA-2025_16880
ALT-PU-2024-13979
ALT-PU-2024-14046
BDU:2024-08227
CESA-2024_7000
CESA-2024_7001
CVE-2024-40954
DLA-4008-1
DSA-5731-1
INFSA-2024_5363
INFSA-2024_7000
INFSA-2024_7001
OESA-2024-2590
OPENSUSE-SU-2024_2947-1
OPENSUSE-SU-2024_3623-1
OPENSUSE-SU-2024_3624-1
OPENSUSE-SU-2024_3625-1
OPENSUSE-SU-2024_3627-1
OPENSUSE-SU-2024_3631-1
OPENSUSE-SU-2024_3632-1
OPENSUSE-SU-2024_3635-1
OPENSUSE-SU-2024_3636-1
OPENSUSE-SU-2024_3638-1
OPENSUSE-SU-2024_3639-1
OPENSUSE-SU-2024_3643-1
OPENSUSE-SU-2024_3655-1
OPENSUSE-SU-2024_3666-1
OPENSUSE-SU-2024_3670-1
OPENSUSE-SU-2024_3672-1
OPENSUSE-SU-2024_3679-1
OPENSUSE-SU-2024_3680-1
OPENSUSE-SU-2024_3694-1
OPENSUSE-SU-2024_3695-1
OPENSUSE-SU-2024_3696-1
OPENSUSE-SU-2024_3697-1
OPENSUSE-SU-2024_3700-1
OPENSUSE-SU-2024_3701-1
OPENSUSE-SU-2024_3702-1
OPENSUSE-SU-2024_3706-1
OPENSUSE-SU-2024_3707-1
OPENSUSE-SU-2024_3708-1
OPENSUSE-SU-2024_3710-1
OPENSUSE-SU-2024_3780-1
OPENSUSE-SU-2024_3793-1
OPENSUSE-SU-2024_3806-1
OPENSUSE-SU-2024_3815-1
OPENSUSE-SU-2024_3829-1
OPENSUSE-SU-2024_3830-1
OPENSUSE-SU-2024_3831-1
OPENSUSE-SU-2024_3833-1
OPENSUSE-SU-2024_3836-1
OPENSUSE-SU-2024_3837-1
OPENSUSE-SU-2024_3840-1
OPENSUSE-SU-2024_3842-1
OPENSUSE-SU-2024_3851-1
OPENSUSE-SU-2024_3852-1
OPENSUSE-SU-2024_3855-1
OPENSUSE-SU-2024_3856-1
OPENSUSE-SU-2024_3857-1
OPENSUSE-SU-2024_3860-1
OPENSUSE-SU-2024_3880-1
OPENSUSE-SU-2024_3881-1
OPENSUSE-SU-2024_3882-1
OPENSUSE-SU-2024_3884-1
OPENSUSE-SU-2024_4122-1
OPENSUSE-SU-2024_4123-1
OPENSUSE-SU-2024_4124-1
OPENSUSE-SU-2024_4125-1
OPENSUSE-SU-2024_4127-1
OPENSUSE-SU-2024_4128-1
OPENSUSE-SU-2024_4207-1
OPENSUSE-SU-2024_4208-1
OPENSUSE-SU-2024_4209-1
OPENSUSE-SU-2024_4210-1
OPENSUSE-SU-2024_4214-1
OPENSUSE-SU-2024_4216-1
OPENSUSE-SU-2024_4218-1
OPENSUSE-SU-2024_4228-1
OPENSUSE-SU-2024_4234-1
OPENSUSE-SU-2024_4235-1
OPENSUSE-SU-2024_4236-1
OPENSUSE-SU-2024_4243-1
OPENSUSE-SU-2024_4262-1
OPENSUSE-SU-2024_4266-1
OPENSUSE-SU-2024_4275-1
OPENSUSE-SU-2025_0107-1
OPENSUSE-SU-2025_0109-1
OPENSUSE-SU-2025_0110-1
OPENSUSE-SU-2025_0111-1
OPENSUSE-SU-2025_0114-1
OPENSUSE-SU-2025_0115-1
OPENSUSE-SU-2025_0124-1
OPENSUSE-SU-2025_0138-1
OPENSUSE-SU-2025_0146-1
OPENSUSE-SU-2025_0150-1
OPENSUSE-SU-2025_0158-1
OPENSUSE-SU-2025_0164-1
OPENSUSE-SU-2025_0168-1
OPENSUSE-SU-2025_0187-1
OPENSUSE-SU-2025_0188-1
OPENSUSE-SU-2025_0248-1
OPENSUSE-SU-2025_0249-1
OPENSUSE-SU-2025_0251-1
OPENSUSE-SU-2025_0252-1
OPENSUSE-SU-2025_0253-1
OPENSUSE-SU-2025_0254-1
OPENSUSE-SU-2025_0255-1
OPENSUSE-SU-2025_0260-1
OPENSUSE-SU-2025_0261-1
OPENSUSE-SU-2025_0262-1
OPENSUSE-SU-2025_0264-1
OPENSUSE-SU-2025_0265-1
OPENSUSE-SU-2025_0266-1
RHSA-2024:5363
RHSA-2024:7000
RHSA-2024:7001
RHSA-2024_5363
RHSA-2024_7000
RHSA-2024_7001
RLSA-2024:5363
RLSA-2024:7001
SUSE-SU-2024:2894-1
SUSE-SU-2024:2902-1
SUSE-SU-2024:2929-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3623-1
SUSE-SU-2024:3624-1
SUSE-SU-2024:3625-1
SUSE-SU-2024:3626-1
SUSE-SU-2024:3627-1
SUSE-SU-2024:3628-1
SUSE-SU-2024:3631-1
SUSE-SU-2024:3632-1
SUSE-SU-2024:3635-1
SUSE-SU-2024:3636-1
SUSE-SU-2024:3638-1
SUSE-SU-2024:3639-1
SUSE-SU-2024:3643-1
SUSE-SU-2024:3655-1
SUSE-SU-2024:3666-1
SUSE-SU-2024:3670-1
SUSE-SU-2024:3672-1
SUSE-SU-2024:3679-1
SUSE-SU-2024:3680-1
SUSE-SU-2024:3694-1
SUSE-SU-2024:3695-1
SUSE-SU-2024:3696-1
SUSE-SU-2024:3697-1
SUSE-SU-2024:3700-1
SUSE-SU-2024:3701-1
SUSE-SU-2024:3702-1
SUSE-SU-2024:3706-1
SUSE-SU-2024:3707-1
SUSE-SU-2024:3708-1
SUSE-SU-2024:3710-1
SUSE-SU-2024:3780-1
SUSE-SU-2024:3793-1
SUSE-SU-2024:3806-1
SUSE-SU-2024:3815-1
SUSE-SU-2024:3829-1
SUSE-SU-2024:3830-1
SUSE-SU-2024:3831-1
SUSE-SU-2024:3833-1
SUSE-SU-2024:3835-1
SUSE-SU-2024:3836-1
SUSE-SU-2024:3837-1
SUSE-SU-2024:3840-1
SUSE-SU-2024:3842-1
SUSE-SU-2024:3851-1
SUSE-SU-2024:3852-1
SUSE-SU-2024:3855-1
SUSE-SU-2024:3856-1
SUSE-SU-2024:3857-1
SUSE-SU-2024:3860-1
SUSE-SU-2024:3880-1
SUSE-SU-2024:3881-1
SUSE-SU-2024:3882-1
SUSE-SU-2024:3884-1
SUSE-SU-2024:4122-1
SUSE-SU-2024:4123-1
SUSE-SU-2024:4124-1
SUSE-SU-2024:4125-1
SUSE-SU-2024:4127-1
SUSE-SU-2024:4128-1
SUSE-SU-2024:4139-1
SUSE-SU-2024:4207-1
SUSE-SU-2024:4208-1
SUSE-SU-2024:4209-1
SUSE-SU-2024:4210-1
SUSE-SU-2024:4214-1
SUSE-SU-2024:4216-1
SUSE-SU-2024:4218-1
SUSE-SU-2024:4228-1
SUSE-SU-2024:4234-1
SUSE-SU-2024:4235-1
SUSE-SU-2024:4236-1
SUSE-SU-2024:4243-1
SUSE-SU-2024:4262-1
SUSE-SU-2024:4266-1
SUSE-SU-2024:4275-1
SUSE-SU-2025:0084-1
SUSE-SU-2025:0107-1
SUSE-SU-2025:0109-1
SUSE-SU-2025:0110-1
SUSE-SU-2025:0111-1
SUSE-SU-2025:0114-1
SUSE-SU-2025:0115-1
SUSE-SU-2025:0124-1
SUSE-SU-2025:0138-1
SUSE-SU-2025:0146-1
SUSE-SU-2025:0150-1
SUSE-SU-2025:0158-1
SUSE-SU-2025:0164-1
SUSE-SU-2025:0168-1
SUSE-SU-2025:0187-1
SUSE-SU-2025:0188-1
SUSE-SU-2025:0248-1
SUSE-SU-2025:0249-1
SUSE-SU-2025:0251-1
SUSE-SU-2025:0252-1
SUSE-SU-2025:0253-1
SUSE-SU-2025:0254-1
SUSE-SU-2025:0255-1
SUSE-SU-2025:0260-1
SUSE-SU-2025:0261-1
SUSE-SU-2025:0262-1
SUSE-SU-2025:0264-1
SUSE-SU-2025:0265-1
SUSE-SU-2025:0266-1
SUSE-SU-2025:0269-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-6999-1
USN-6999-2
USN-7004-1
USN-7005-1
USN-7005-2
USN-7007-1
USN-7007-2
USN-7007-3
USN-7008-1
USN-7009-1
USN-7009-2
USN-7019-1
USN-7029-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu