CVE-2024-56600

HIGH

Linux Kernel - Use-After-Free in inet6_create() Error Handling

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the sock sk pointer on error.

References (9)

Core 9

Scores

CVSS v3 7.8
EPSS 0.0024
EPSS Percentile 14.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (23)
linux/Kernel 2.6.12 - 5.4.287linux
linux/Kernel 5.11.0 - 5.15.174linux
linux/Kernel 5.16.0 - 6.1.120linux
linux/Kernel 5.5.0 - 5.10.231linux
linux/Kernel 6.2.0 - 6.6.66linux
linux/Kernel 6.7.0 - 6.12.5linux
Linux/Linux < 2.6.12
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 276a473c956fb55a6f3affa9ff232e10fffa7b43
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 35360255ca30776dee34d9fa764cffa24d0a5f65
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 706b07b7b37f886423846cb38919132090bc40da
... and 13 more
Published Dec 27, 2024
Tracked Since Feb 18, 2026