PT-2025-3271 · Linux+4 · Linux Kernel+4

Syzbot

·

Published

2024-12-12

·

Updated

2025-10-03

·

CVE-2024-56372

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74
Description A vulnerability in the Linux kernel has been resolved, specifically in the net: tun: fix tun napi alloc frags() function. The issue was reported by syzbot and caused a crash due to a malformed skb. The vulnerability is related to the tun napi alloc frags() function, which is used in the network stack. The estimated number of potentially affected devices is not specified.
Recommendations To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the tun module until a patch is available. Restrict access to the vulnerable tun interface to minimize the risk of exploitation. Avoid using the tun interface in the affected API endpoints until the issue is resolved.

Exploit

Fix

DoS

NULL Pointer Dereference

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-20

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2025-12647
BDU:2025-07795
CVE-2024-56372
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1204
OESA-2025-1205
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7513-1
USN-7513-2
USN-7513-3
USN-7513-4
USN-7513-5
USN-7514-1
USN-7515-1
USN-7515-2
USN-7522-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Suse
Ubuntu