CVE-2024-56606

Updated: 2025-02-12 02:08:04.823664

Description:

In the Linux kernel, the following vulnerability has been resolved: af_packet: avoid erroring out after sock_init_data() in packet_create() After sock_init_data() the allocated sk object is attached to the provided sock object. On error, packet_create() frees the sk object leaving the dangling pointer in the sock object on return. Some other code may try to use this pointer and cause use-after-free.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH In Testing 2025-02-14 23:55:13
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH In Testing 2025-01-24 11:42:05
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2025-02-12 06:35:42
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2025:1738672047 2025-02-19 06:52:24
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1739525834 2025-02-14 23:55:11
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1739525795 2025-02-14 23:55:12
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1738592614 2025-02-04 02:14:46
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2025-02-12 06:35:41
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Needs Triage 2025-01-14 13:37:53
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2025-02-12 06:35:39
Total: 14