CVE-2024-56600
HIGH
7,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
In the Linux kernel, the following vulnerability has been resolved:
net: inet6: do not leave a dangling sk pointer in inet6_create()
sock_init_data() attaches the allocated sk pointer to the provided sock
object. If inet6_create() fails later, the sk object is released, but the
sock object retains the dangling sk pointer, which may cause use-after-free
later.
Clear the sock sk pointer on error.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0004
Percentile
0,1th
Updated
EPSS Score Trend (Last 90 Days)
416
Use After Free
StableCommon Consequences
Security Scopes Affected:
Integrity
Availability
Confidentiality
Potential Impacts:
Modify Memory
Dos: Crash, Exit, Or Restart
Execute Unauthorized Code Or Commands
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
Operating System
Linux Kernel by Linux
Version Range Affected
From
5.16
(inclusive)
To
6.1.120
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
6.2
(inclusive)
To
6.6.66
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
5.11
(inclusive)
To
5.15.174
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
6.7
(inclusive)
To
6.12.5
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
5.5
(inclusive)
To
5.10.231
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
To
5.4.287
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://git.kernel.org/stable/c/276a473c956fb55a6f3affa9ff232e10fffa7b43
https://git.kernel.org/stable/c/35360255ca30776dee34d9fa764cffa24d0a5f65
https://git.kernel.org/stable/c/706b07b7b37f886423846cb38919132090bc40da
https://git.kernel.org/stable/c/79e16a0d339532ea832d85798eb036fc4f9e0cea
https://git.kernel.org/stable/c/9df99c395d0f55fb444ef39f4d6f194ca437d884
https://git.kernel.org/stable/c/f2709d1271cfdf55c670ab5c5982139ab627ddc7
https://git.kernel.org/stable/c/f44fceb71d72d29fb00e0ac84cdf9c081b03cd06
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html