CVE-2024-56600
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
27/12/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

net: inet6: do not leave a dangling sk pointer in inet6_create()

sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later.

Clear the sock sk pointer on error.
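
The error path described above, reduced to a userspace C model as an added example (not kernel code and not taken from the referenced patches). The `model_*` types and functions and the one-slot pool are hypothetical stand-ins for the kernel's sock, sk and allocator.

```c
#include <stdio.h>

/* Userspace model only: hypothetical stand-ins, not the kernel's types. */
struct model_sk   { int live; };            /* 1 = allocated, 0 = released */
struct model_sock { struct model_sk *sk; };

/* One-slot static pool so a released object can be inspected safely. */
static struct model_sk pool[1];
static struct model_sk *model_sk_alloc(void) { pool[0].live = 1; return &pool[0]; }
static void model_sk_free(struct model_sk *sk) { sk->live = 0; }

/* Models sock_init_data(): attach the new sk to the caller's sock. */
static void model_init_data(struct model_sock *sock, struct model_sk *sk)
{
    sock->sk = sk;
}

/* Models a create path in which a step after the attach fails.
 * clear_on_error = 0: pre-fix behaviour, sock->sk is left dangling.
 * clear_on_error = 1: post-fix behaviour, sock->sk is reset to NULL. */
static int model_create(struct model_sock *sock, int late_step_fails,
                        int clear_on_error)
{
    struct model_sk *sk = model_sk_alloc();
    model_init_data(sock, sk);
    if (late_step_fails) {
        model_sk_free(sk);            /* the sk object is released ...      */
        if (clear_on_error)
            sock->sk = NULL;          /* ... and the stale pointer cleared  */
        return -1;
    }
    return 0;
}

/* Returns 1 if, after a failed create, sock still points at a released sk. */
static int references_released_sk_after_failed_create(int clear_on_error)
{
    struct model_sock sock = { NULL };
    if (model_create(&sock, 1, clear_on_error) == 0)
        return -1;                    /* unexpected success */
    return sock.sk != NULL && !sock.sk->live;
}

int main(void)
{
    printf("pre-fix:  %d\n", references_released_sk_after_failed_create(0));
    printf("post-fix: %d\n", references_released_sk_after_failed_create(1));
    return 0;
}
```
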
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | | 5.4.287 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.231 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.174 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.120 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.66 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.5 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/276a473c956fb55a6f3affa9ff232e10fffa7b43
- https://git.kernel.org/stable/c/35360255ca30776dee34d9fa764cffa24d0a5f65
- https://git.kernel.org/stable/c/706b07b7b37f886423846cb38919132090bc40da
- https://git.kernel.org/stable/c/79e16a0d339532ea832d85798eb036fc4f9e0cea
- https://git.kernel.org/stable/c/9df99c395d0f55fb444ef39f4d6f194ca437d884
- https://git.kernel.org/stable/c/f2709d1271cfdf55c670ab5c5982139ab627ddc7
- https://git.kernel.org/stable/c/f44fceb71d72d29fb00e0ac84cdf9c081b03cd06
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html



