CVE-2024-56600

high

Description

In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the sock sk pointer on error.

References

https://git.kernel.org/stable/c/f44fceb71d72d29fb00e0ac84cdf9c081b03cd06

https://git.kernel.org/stable/c/f2709d1271cfdf55c670ab5c5982139ab627ddc7

https://git.kernel.org/stable/c/9df99c395d0f55fb444ef39f4d6f194ca437d884

https://git.kernel.org/stable/c/79e16a0d339532ea832d85798eb036fc4f9e0cea

https://git.kernel.org/stable/c/706b07b7b37f886423846cb38919132090bc40da

https://git.kernel.org/stable/c/35360255ca30776dee34d9fa764cffa24d0a5f65

https://git.kernel.org/stable/c/276a473c956fb55a6f3affa9ff232e10fffa7b43

Details

Source: Mitre, NVD

Published: 2024-12-27

Updated: 2025-01-14

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High