CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload
First published: Sat Dec 28 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: EDAC/igen6: Avoid segmentation fault on module unload The segmentation fault happens because: During modprobe: 1. In igen6_probe(), igen6_pvt will be allocated with kzalloc() 2. In igen6_register_mci(), mci->pvt_info will point to &igen6_pvt->imc[mc] During rmmod: 1. In mci_release() in edac_mc.c, it will kfree(mci->pvt_info) 2. In igen6_remove(), it will kfree(igen6_pvt); Fix this issue by setting mci->pvt_info to NULL to avoid the double kfree.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=5.11<5.15.174 | |
| Linux Kernel | >=5.16<6.1.120 | |
| Linux Kernel | >=6.2<6.6.64 | |
| Linux Kernel | >=6.7<6.11.11 | |
| Linux Kernel | >=6.12<6.12.2 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/029ac07bb92d2f7502d47a4916f197a8445d83bf
- https://git.kernel.org/stable/c/2a80e710bbc088a2511c159ee4d910456c5f0832
- https://git.kernel.org/stable/c/830cabb61113d92a425dd3038ccedbdfb3c8d079
- https://git.kernel.org/stable/c/e5c7052664b61f9e2f896702d20552707d0ef60a
- https://git.kernel.org/stable/c/db60326f2c47b079e36785ace621eb3002db2088
- https://git.kernel.org/stable/c/fefaae90398d38a1100ccd73b46ab55ff4610fba
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56708
- https://nvd.nist.gov/vuln/detail/CVE-2024-56708
- https://launchpad.net/bugs/cve/CVE-2024-56708
- https://security-tracker.debian.org/tracker/CVE-2024-56708
- https://ubuntu.com/security/CVE-2024-56708
- https://git.kernel.org/linus/fefaae90398d38a1100ccd73b46ab55ff4610fba
Frequently Asked Questions
What is the severity of CVE-2024-56708?
CVE-2024-56708 has a medium severity rating due to the potential for segmentation faults affecting the stability of the Linux kernel.
How do I fix CVE-2024-56708?
To fix CVE-2024-56708, users should upgrade to a kernel version that includes the patch for this vulnerability.
Which versions of the Linux kernel are affected by CVE-2024-56708?
CVE-2024-56708 affects Linux kernel versions between 5.11 and 5.15.174, as well as 5.16 to 6.1.120, 6.2 to 6.6.64, 6.7 to 6.11.11, and 6.12 to 6.12.2.
What is the nature of the vulnerability CVE-2024-56708?
CVE-2024-56708 is a vulnerability that leads to a segmentation fault during module unload in the Linux kernel's EDAC/igen6 handling.
Is CVE-2024-56708 a critical vulnerability?
No, CVE-2024-56708 is not classified as a critical vulnerability, but it can impact system stability if exploited.
- agent/title
- agent/first-publish-date
- agent/type
- agent/author
- agent/severity
- agent/remedy
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/source
- agent/tags
- agent/description
- agent/softwarecombine
- agent/event
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12
- package-manager/debian