CVE-2024-44985
HIGHLinux Kernel 5.15-5.15.165, 5.16-6.1.106, 6.2-6.6.47, 6.7-6.10.6 - Use-After-Free in ip6_xmit()
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UAF in ip6_xmit() If skb_expand_head() returns NULL, skb has been freed and the associated dst/idev could also have been freed. We must use rcu_read_lock() to prevent a possible UAF.
References (8)
Core 8
Core References
Scores
CVSS v3
7.8
EPSS
0.0025
EPSS Percentile
16.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-416
Status
published
Products (20)
linux/Kernel
5.15.0 - 5.15.166linux
linux/Kernel
5.16.0 - 6.1.107linux
linux/Kernel
6.2.0 - 6.6.48linux
linux/Kernel
6.7.0 - 6.10.7linux
Linux/Linux
< 5.15
Linux/Linux
0c9f227bee11910a49e1d159abe102d06e3745d5 - 124b428fe28064c809e4237b0b38e97200a8a4a8
Linux/Linux
0c9f227bee11910a49e1d159abe102d06e3745d5 - 2d5ff7e339d04622d8282661df36151906d0e1c7
Linux/Linux
0c9f227bee11910a49e1d159abe102d06e3745d5 - 38a21c026ed2cc7232414cb166efc1923f34af17
Linux/Linux
0c9f227bee11910a49e1d159abe102d06e3745d5 - 975f764e96f71616b530e300c1bb2ac0ce0c2596
Linux/Linux
0c9f227bee11910a49e1d159abe102d06e3745d5 - fc88d6c1f2895a5775795d82ec581afdff7661d1
... and 10 more
Published
Sep 04, 2024
Tracked Since
Feb 18, 2026