CVE-2024-56715

MEDIUM

Linux Kernel 5.10-5.15.175, 5.16-6.1.121, 6.2-6.6.67, 6.7-6.12.6 - Use-After-Free in Netdev Notifier Unregister

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ionic: Fix netdev notifier unregister on failure If register_netdev() fails, then the driver leaks the netdev notifier. Fix this by calling ionic_lif_unregister() on register_netdev() failure. This will also call ionic_lif_unregister_phc() if it has already been registered.

References (6)

Core 6

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

Patch

https://git.kernel.org/stable/c/87847938f5708b2509b279369c96572254bcf2ba

Patch

https://git.kernel.org/stable/c/da93a12876f8b969df7316dc93aac7e725f88252

Patch

https://git.kernel.org/stable/c/da5736f516a664a9e1ff74902663c64c423045d2

Patch

https://git.kernel.org/stable/c/ee2e931b2b46de9af7f681258e8ec8e2cd81cfc6

Patch

https://git.kernel.org/stable/c/9590d32e090ea2751e131ae5273859ca22f5ac14

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 15.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (18)

linux/Kernel 5.10.0 - 5.15.176linux

linux/Kernel 5.16.0 - 6.1.122linux

linux/Kernel 6.2.0 - 6.6.68linux

linux/Kernel 6.7.0 - 6.12.7linux

Linux/Linux < 5.10

Linux/Linux 30b87ab4c0b30e0f681cb7dfaab6c642dd17e454 - 87847938f5708b2509b279369c96572254bcf2ba

Linux/Linux 30b87ab4c0b30e0f681cb7dfaab6c642dd17e454 - 9590d32e090ea2751e131ae5273859ca22f5ac14

Linux/Linux 30b87ab4c0b30e0f681cb7dfaab6c642dd17e454 - da5736f516a664a9e1ff74902663c64c423045d2

Linux/Linux 30b87ab4c0b30e0f681cb7dfaab6c642dd17e454 - da93a12876f8b969df7316dc93aac7e725f88252

Linux/Linux 30b87ab4c0b30e0f681cb7dfaab6c642dd17e454 - ee2e931b2b46de9af7f681258e8ec8e2cd81cfc6

... and 8 more

Published Dec 29, 2024

Tracked Since Feb 18, 2026