PT-2025-3330 · Linux+6 · Linux Kernel+6

Published 2024-11-26 · Updated 2025-10-03 · CVE-2024-56783

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.74

Description

The issue concerns the netfilter component in the Linux kernel, specifically nft_socket. The fix removes an unnecessary WARN_ON_ONCE warning at the maximum cgroup level. By default, the maximum cgroup depth is INT_MAX, but there is a cgroup toggle to restrict this depth to a more reasonable value to prevent performance harm. The warning has to be removed because it is reachable from userspace.

Recommendations

For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider restricting the cgroup maximum depth to a more reasonable value using the available cgroup toggle to minimize potential performance impacts until the update can be applied.

Exploit

Fix

Assertion Failure


Weakness Enumeration

Related Identifiers

ALT-PU-2024-17881
ALT-PU-2024-17897
ALT-PU-2025-12647
AZL-55343
BDU:2025-06096
CVE-2024-56783
DLA-4076-1
INFSA-2025_6966
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1286
OESA-2025-1339
RHSA-2025:6966
RHSA-2025_6966
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Ubuntu