Vulnerabilities > CVE-2024-56601 - Use After Free vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/25447c6aaa7235f155292b0c58a067347e8ae891
- https://git.kernel.org/stable/c/2bc34d8c8898ae9fddf4612501aabb22d76c2b2c
- https://git.kernel.org/stable/c/3e8258070b0f2aba66b3ef18883de229674fb288
- https://git.kernel.org/stable/c/691d6d816f93b2a1008c14178399061466e674ef
- https://git.kernel.org/stable/c/9365fa510c6f82e3aa550a09d0c5c6b44dbc78ff
- https://git.kernel.org/stable/c/b4513cfd3a10c03c660d5d3d26c2e322efbfdd9b
- https://git.kernel.org/stable/c/f8a3f255f7509a209292871715cda03779640c8d