Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the sock sk pointer on error.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 5.4.287 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/276a473c956fb55a6f3affa9ff232e10fffa7b43Patch
- https://git.kernel.org/stable/c/35360255ca30776dee34d9fa764cffa24d0a5f65Patch
- https://git.kernel.org/stable/c/706b07b7b37f886423846cb38919132090bc40daPatch
- https://git.kernel.org/stable/c/79e16a0d339532ea832d85798eb036fc4f9e0ceaPatch
- https://git.kernel.org/stable/c/9df99c395d0f55fb444ef39f4d6f194ca437d884Patch
- https://git.kernel.org/stable/c/f2709d1271cfdf55c670ab5c5982139ab627ddc7Patch
- https://git.kernel.org/stable/c/f44fceb71d72d29fb00e0ac84cdf9c081b03cd06Patch
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
FAQ
What is CVE-2024-56600?
CVE-2024-56600 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provide...
How severe is CVE-2024-56600?
CVE-2024-56600 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-56600?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.