high
7.8
CWE
416
Advisory Published
Updated

CVE-2024-56606: af_packet: avoid erroring out after sock_init_data() in packet_create()

First published: Fri Dec 27 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: af_packet: avoid erroring out after sock_init_data() in packet_create() After sock_init_data() the allocated sk object is attached to the provided sock object. On error, packet_create() frees the sk object leaving the dangling pointer in the sock object on return. Some other code may try to use this pointer and cause use-after-free.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
<5.4.287
>=5.5<5.10.231
>=5.11<5.15.174
>=5.16<6.1.120
>=6.2<6.6.66
>=6.7<6.12.5

Remedy

https://git.kernel.org/stable/c/132e615bb1d7cdec2d3cfbdec2efa630e923fd21

Remedy

https://git.kernel.org/stable/c/157f08db94123e2ba56877dd0ac88908b13a5dd0

Remedy

https://git.kernel.org/stable/c/1dc1e1db927056cb323296e2294a855cd003dfe7

Remedy

https://git.kernel.org/stable/c/46f2a11cb82b657fd15bab1c47821b635e03838b

Remedy

https://git.kernel.org/stable/c/71b22837a5e55ac27d6a14b9cdf2326587405c4f

Remedy

https://git.kernel.org/stable/c/a6cf750b737374454a4e03a5ed449a3eb0c96414

Remedy

https://git.kernel.org/stable/c/fd09880b16d33aa5a7420578e01cd79148fa9829

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-56606?

    CVE-2024-56606 has a medium severity level as it can lead to potential denial-of-service conditions.

  • How do I fix CVE-2024-56606?

    To fix CVE-2024-56606, upgrade to a version of the Linux kernel that is beyond the specified vulnerable range.

  • Which Linux kernel versions are affected by CVE-2024-56606?

    CVE-2024-56606 affects Linux kernel versions 5.4.287 and below, as well as various ranges up to 6.12.5.

  • What components are impacted by CVE-2024-56606?

    CVE-2024-56606 impacts the af_packet component of the Linux kernel.

  • Is CVE-2024-56606 a remote vulnerability?

    CVE-2024-56606 is not classified as a remote vulnerability as it requires local access to exploit.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203