CVE-2024-56556

CVSS 3.1 Score 7 of 10 (high)

Details

Published Dec 27, 2024
Updated: Feb 10, 2025
CWE ID 416
CWE ID 362

Summary

CVE-2024-56556 is a Linux kernel vulnerability in the binder subsystem. In binder_add_freeze_work(), proc->inner_lock is dropped in order to acquire node->lock, which opens a race window in which binder_node_release() can free the node while it is still in use. The result is a use-after-free, as demonstrated in the call trace and kernel message provided. The fix takes a temporary reference on the node before releasing proc->inner_lock, so the node remains alive during use.
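The lifetime rule behind the fix, as an added userspace model (not kernel code and not taken from the patch). The struct, the helper names and the single-threaded "worst-case interleaving" are assumptions made for illustration, and a freed flag stands in for the actual free so the outcome can be inspected safely.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: names echo the summary, this is not the kernel's code. */
struct node {
    int  refs;   /* reference count keeping the node alive */
    bool freed;  /* set instead of calling free(), so the model can inspect it */
};

struct outcome { bool used_after_free; bool freed_at_end; };

/* Drop one reference; the last put "frees" the node. */
static void node_put(struct node *n) {
    if (--n->refs == 0)
        n->freed = true;
}

/* Stands in for binder_node_release() running concurrently while
 * proc->inner_lock is not held: it drops the proc's own reference. */
static void concurrent_release(struct node *n) {
    node_put(n);
}

/* Models one step of binder_add_freeze_work() on a node that holds a
 * single reference. take_tmp_ref selects the fixed behaviour. */
static struct outcome run_scenario(bool take_tmp_ref) {
    struct node n = { .refs = 1, .freed = false };
    struct outcome out;

    /* proc->inner_lock is held at this point */
    if (take_tmp_ref)
        n.refs++;                     /* fix: pin the node before unlocking */

    /* proc->inner_lock dropped here in order to take node->lock */
    concurrent_release(&n);           /* constructed worst-case interleaving */

    out.used_after_free = n.freed;    /* the node is used under node->lock */

    if (take_tmp_ref)
        node_put(&n);                 /* drop the temporary reference when done */
    out.freed_at_end = n.freed;
    return out;
}

int main(void) {
    printf("no temporary ref: used after free = %d\n", run_scenario(false).used_after_free);
    printf("temporary ref:    used after free = %d\n", run_scenario(true).used_after_free);
    return 0;
}
```

With the temporary reference the node is still released, only later: the last put happens after the walker has finished with it.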
