CVE-2024-56603

Updated: 2025-11-19 04:19:18.974094

Description:

In the Linux kernel, the following vulnerability has been resolved: net: af_can: do not leave a dangling sk pointer in can_create() On error can_create() frees the allocated sk object, but sock_init_data() has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock object and may cause use-after-free later.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Released CLSA-2025:1743193221 2025-02-05 02:16:36
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2025:1739292069 2025-02-26 21:53:47
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2025:1738672047 2025-02-19 06:51:44
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1739525834 2025-02-14 23:54:44
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1739525795 2025-02-14 23:54:44
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1738592614 2025-02-04 02:14:24
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Ignored 2025-02-26 07:13:09
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Ignored 2025-02-26 07:13:08 CloudLinux 6 and 7 support is limited and provided on demand. We strongly recommend upgrading to Clo...
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2025:1739352814 2025-02-13 01:21:57
Oracle Linux 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2025:1742322442 2025-03-25 03:29:06
Total: 16