CVE-2024-56600

Опубликовано: 27 дек. 2024

Источник: redhat

CVSS3: 7.3

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the sock sk pointer on error.

Отчет

This issue is considered to be a moderate impact flaw, it seems this the data leak is from TCP protocol stack on not of all kernel space.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 10	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel-rt	Out of support scope
Red Hat Enterprise Linux 8	kernel	Out of support scope
Red Hat Enterprise Linux 8	kernel-rt	Out of support scope
Red Hat Enterprise Linux 9	kernel-rt	Affected
Red Hat Enterprise Linux 9	kernel	Fixed	RHSA-2025:6966	13.05.2025
Red Hat Enterprise Linux 9	kernel	Fixed	RHSA-2025:6966	13.05.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=2334458kernel: net: inet6: do not leave a dangling sk pointer in inet6_create()

EPSS

Процентиль: 8%

0.00033

Низкий

7.3 High

CVSS3

Связанные уязвимости

CVE-2024-56600

CVSS3: 7.8

ubuntu

6 месяцев назад

CVE-2024-56600

CVSS3: 7.8

nvd

6 месяцев назад

CVE-2024-56600

CVSS3: 7.8

msrc

3 месяца назад

Описание отсутствует

CVE-2024-56600

CVSS3: 7.8

debian

6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: n ...

SUSE-SU-2025:1276-1

suse-cvrf

2 месяца назад

Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5)

EPSS

Процентиль: 8%

0.00033

Низкий

7.3 High

CVSS3