CVE-2024-56603

On error cancreate() frees the allocated sk object, but sockinit_data() has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock object and may cause use-after-free later.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56603.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed

884ae8bcee749be43a071d6ed2d89058dbd2425c

Fixed

ce39b5576785bb3e66591145aad03d66bc3e778d

Fixed

1fe625f12d090d69f3f084990c7e4c1ff94bfe5f

Fixed

5947c9ac08f0771ea8ed64186b0d52e9029cb6c0

Fixed

db207d19adbac96058685f6257720906ad41d215

Fixed

8df832e6b945e1ba61467d7f1c9305e314ae92fe

Fixed

811a7ca7320c062e15d0f5b171fe6ad8592d1434

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.287

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.231

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.174

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.120

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.66

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.5