CVE-2024-44987

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50

Description The vulnerability is related to a use-after-free issue in the ip6 send skb() function in the Linux kernel's IPv6 implementation. This issue can be exploited to impact the confidentiality, integrity, and availability of protected information. The vulnerability is caused by a slab-use-after-free error in the ip6 send skb() function, which can be triggered by a task attempting to access a freed object. The issue is related to the rawv6 sendmsg() function and the sock sendmsg nosec() function.

Recommendations To resolve this issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider disabling the ip6 send skb() function until a patch is available. Restrict access to the vulnerable rawv6 sendmsg() function to minimize the risk of exploitation. Avoid using the sock sendmsg nosec() function in the affected API endpoint until the issue is resolved.