CVE-2024-56720

Published: Dic 29, 2024 Last Modified: Nov 03, 2025 EU-VD ID: EUVD-2024-53368
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,5
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Several fixes to bpf_msg_pop_data

Several fixes to bpf_msg_pop_data,
1. In sk_msg_shift_left, we should put_page
2. if (len == 0), return early is better
3. pop the entire sk_msg (last == msg->sg.size) should be supported
4. Fix for the value of variable 'a'
5. In sk_msg_shift_left, after shifting, i has already pointed to the next
element. Addtional sk_msg_iter_var_next may result in BUG.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0005
Percentile
0,1th
Updated

EPSS Score Trend (Last 90 Days)

193

Off-by-one Error

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality Access Control
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Instability Modify Memory Execute Unauthorized Code Or Commands Bypass Protection Mechanism
Applicable Platforms
Languages: C, Not Language-Specific
View CWE Details
401

Missing Release of Memory after Effective Lifetime

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Other
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Instability Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Reduce Performance
Applicable Platforms
Languages: C, C++, Not Language-Specific
Likelihood of Exploit: Medium
View CWE Details
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 5.0 (inclusive)
To 5.4.287 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 5.16 (inclusive)
To 6.1.120 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 6.7 (inclusive)
To 6.11.11 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 5.11 (inclusive)
To 5.15.174 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 5.5 (inclusive)
To 5.10.231 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 6.2 (inclusive)
To 6.6.64 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 6.12 (inclusive)
To 6.12.2 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://git.kernel.org/stable/c/275a9f3ef8fabb0cb282a62b9e1…
https://git.kernel.org/stable/c/275a9f3ef8fabb0cb282a62b9e164dedba7284c5
https://git.kernel.org/stable/c/5d609ba262475db450ba69b8e8a…
https://git.kernel.org/stable/c/5d609ba262475db450ba69b8e8a557bd768ac07a
https://git.kernel.org/stable/c/785180bed9879680d8e5c5e1b54…
https://git.kernel.org/stable/c/785180bed9879680d8e5c5e1b54c8ae8d948f4c8
https://git.kernel.org/stable/c/98c7ea7d11f2588e8197db042e0…
https://git.kernel.org/stable/c/98c7ea7d11f2588e8197db042e0291e4ac8f8346
https://git.kernel.org/stable/c/d26d977633d1d0b8bf940727818…
https://git.kernel.org/stable/c/d26d977633d1d0b8bf9407278189bd0a8d973323
https://git.kernel.org/stable/c/d3f5763b3062514a234114e97bb…
https://git.kernel.org/stable/c/d3f5763b3062514a234114e97bbde74d8d702449
https://git.kernel.org/stable/c/e1f54c61c4c9a5244eb8159dce6…
https://git.kernel.org/stable/c/e1f54c61c4c9a5244eb8159dce60d248f7d97b32
https://git.kernel.org/stable/c/f58d3aa457e77a3d9b3df2ab081…
https://git.kernel.org/stable/c/f58d3aa457e77a3d9b3df2ab081dcf9950f6029f
https://lists.debian.org/debian-lts-announce/2025/03/msg000…
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg000…
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html