CVE-2024-56601

HIGH

Linux Kernel - Use-After-Free in inet_create() Error Handling

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error.

References (9)

Core 9

Scores

CVSS v3 7.8
EPSS 0.0024
EPSS Percentile 14.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (23)
linux/Kernel 2.6.12 - 5.4.287linux
linux/Kernel 5.11.0 - 5.15.174linux
linux/Kernel 5.16.0 - 6.1.120linux
linux/Kernel 5.5.0 - 5.10.231linux
linux/Kernel 6.2.0 - 6.6.66linux
linux/Kernel 6.7.0 - 6.12.5linux
Linux/Linux < 2.6.12
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 25447c6aaa7235f155292b0c58a067347e8ae891
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 2bc34d8c8898ae9fddf4612501aabb22d76c2b2c
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 3e8258070b0f2aba66b3ef18883de229674fb288
... and 13 more
Published Dec 27, 2024
Tracked Since Feb 18, 2026