CVE-2024-56600

net: inet6: do not leave a dangling sk pointer in inet6_create()

Description

In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the sock sk pointer on error.

References

Link	Tags
https://git.kernel.org/stable/c/f2709d1271cfdf55c670ab5c5982139ab627ddc7	patch
https://git.kernel.org/stable/c/35360255ca30776dee34d9fa764cffa24d0a5f65	patch
https://git.kernel.org/stable/c/276a473c956fb55a6f3affa9ff232e10fffa7b43	patch
https://git.kernel.org/stable/c/79e16a0d339532ea832d85798eb036fc4f9e0cea	patch
https://git.kernel.org/stable/c/706b07b7b37f886423846cb38919132090bc40da	patch
https://git.kernel.org/stable/c/f44fceb71d72d29fb00e0ac84cdf9c081b03cd06	patch
https://git.kernel.org/stable/c/9df99c395d0f55fb444ef39f4d6f194ca437d884	patch

Frequently Asked Questions

What is the severity of CVE-2024-56600?: CVE-2024-56600 has been scored as a high severity vulnerability.
How to fix CVE-2024-56600?: To fix CVE-2024-56600, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-56600 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-56600 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-56600?: CVE-2024-56600 affects Linux Linux, Linux Linux.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions