CVE-2024-56645
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 27/12/2024
Last modified: 03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

can: j1939: j1939_session_new(): fix skb reference counting

Since j1939_session_skb_queue() does an extra skb_get() for each new
skb, do the same for the initial one in j1939_session_new() to avoid
refcount underflow.

[mkl: clean up commit message]
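
The reference imbalance described above, as an added user-space model in C (not the kernel patch and not kernel code). All type and function names are hypothetical, and the model assumes that each caller releases its own reference and that session teardown drops one reference per queued buffer.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-in for a reference-counted sk_buff. All names are hypothetical. */
struct buf { int users; };
struct session { struct buf *queue[4]; int len; };

static struct buf *buf_alloc(void)
{
    struct buf *b = malloc(sizeof(*b));
    if (!b) abort();
    b->users = 1;                       /* creator holds the first reference */
    return b;
}
static struct buf *buf_get(struct buf *b) { b->users++; return b; }
/* Only counts; memory is freed in the driver so a negative count is observable. */
static void buf_put(struct buf *b) { b->users--; }

/* Queueing helper: the queue takes its own reference on every buffer. */
static void session_queue(struct session *s, struct buf *b)
{
    s->queue[s->len++] = buf_get(b);
}
/* Session creation queues the initial buffer; 'fixed' selects the extra get. */
static void session_new(struct session *s, struct buf *first, int fixed)
{
    s->len = 0;
    s->queue[s->len++] = fixed ? buf_get(first) : first;
}
/* Assumed teardown: one put per queued buffer. */
static void session_destroy(struct session *s)
{
    for (int i = 0; i < s->len; i++) buf_put(s->queue[i]);
    s->len = 0;
}

/* Final count of the initial buffer: 0 is balanced, negative is an underflow. */
int final_count_of_initial(int fixed)
{
    struct session s;
    struct buf *first = buf_alloc(), *next = buf_alloc();
    session_new(&s, first, fixed);
    session_queue(&s, next);
    buf_put(first); buf_put(next);      /* callers drop their own references */
    session_destroy(&s);
    int n = first->users;
    free(first); free(next);
    return n;
}

int main(void)
{
    printf("unfixed: %d, fixed: %d\n", final_count_of_initial(0), final_count_of_initial(1));
    return 0;
}
```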
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.4 (including) | 5.4.287 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.231 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.174 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.120 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.66 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/224e606a8d8e8c7db94036272c47a37455667313
- https://git.kernel.org/stable/c/4199dd78a59896e091d3a7a05a77451aa7fd724d
- https://git.kernel.org/stable/c/426d94815e12b6bdb9a75af294fbbafb9301601d
- https://git.kernel.org/stable/c/68fceb143b635cdc59fed3896d5910aff38f345e
- https://git.kernel.org/stable/c/a8c695005bfe6569acd73d777ca298ddddd66105
- https://git.kernel.org/stable/c/b3282c2bebeeb82ceec492ee4972f51ee7a4a132
- https://git.kernel.org/stable/c/f117cba69cbbd496babb3defcdf440df4fd6fe14
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html



