high
7.8
CWE
416
Advisory Published
Updated

CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create()

First published: Fri Dec 27 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel<5.4.287
Linux Kernel>=5.5<5.10.231
Linux Kernel>=5.11<5.15.174
Linux Kernel>=5.16<6.1.120
Linux Kernel>=6.2<6.6.66
Linux Kernel>=6.7<6.12.5

Remedy

https://git.kernel.org/stable/c/25447c6aaa7235f155292b0c58a067347e8ae891

Remedy

https://git.kernel.org/stable/c/2bc34d8c8898ae9fddf4612501aabb22d76c2b2c

Remedy

https://git.kernel.org/stable/c/3e8258070b0f2aba66b3ef18883de229674fb288

Remedy

https://git.kernel.org/stable/c/691d6d816f93b2a1008c14178399061466e674ef

Remedy

https://git.kernel.org/stable/c/9365fa510c6f82e3aa550a09d0c5c6b44dbc78ff

Remedy

https://git.kernel.org/stable/c/b4513cfd3a10c03c660d5d3d26c2e322efbfdd9b

Remedy

https://git.kernel.org/stable/c/f8a3f255f7509a209292871715cda03779640c8d

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-56601?

    CVE-2024-56601 has a moderate severity level due to potential risk of system instability.

  • Which versions of the Linux kernel are affected by CVE-2024-56601?

    CVE-2024-56601 affects Linux kernel versions up to 5.4.287 and specific ranges from 5.5 up to 6.6.66.

  • How do I fix CVE-2024-56601?

    To fix CVE-2024-56601, update the Linux kernel to the latest stable version that eliminates this vulnerability.

  • What systems are impacted by CVE-2024-56601?

    Systems running affected versions of the Linux kernel may experience issues related to socket handling.

  • Is CVE-2024-56601 a remote or local vulnerability?

    CVE-2024-56601 can be exploited locally, requiring access to the system to trigger the issue.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203