CVE-2024-56601
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-56601 is a Linux kernel vulnerability in the net module in which a dangling socket pointer is not properly handled. Specifically, inet_create() does not clear the socket pointer in the sock object when the call fails, which leads to a use-after-free condition. The issue arises when sock_init_data() attaches the socket object to the allocated socket structure, but inet_create() fails to allocate memory for the socket structure. When the socket structure is then freed, the socket object still retains the dangling pointer, potentially leading to unintended behavior or system instability. This vulnerability has been resolved in recent Linux kernel versions.
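The error-path pattern described above, as an added user-space model (not kernel source and not code from this page). All struct and function names are hypothetical, and a one-slot allocator with a `live` flag stands in for real allocation so the stale reference can be inspected safely.

```c
#include <stddef.h>
#include <stdio.h>

struct model_socket;
struct model_sock   { int live; struct model_socket *owner; };
struct model_socket { struct model_sock *sk; };

/* One-slot "allocator": release only flips a flag, so no memory is really freed. */
static struct model_sock slot;
static struct model_sock *sk_alloc_model(void) { slot.live = 1; slot.owner = NULL; return &slot; }
static void sk_free_model(struct model_sock *sk) { sk->live = 0; }

/* Plays the role the summary gives sock_init_data(): link the two objects. */
static void init_data_model(struct model_socket *sock, struct model_sock *sk)
{
    sk->owner = sock;
    sock->sk = sk;
}

/* Create path that can fail after the link step.
 * clear_on_error = 0 models the pre-fix behaviour, 1 the corrected one. */
static int create_model(struct model_socket *sock, int late_step_fails, int clear_on_error)
{
    struct model_sock *sk = sk_alloc_model();
    init_data_model(sock, sk);
    if (late_step_fails) {
        sk_free_model(sk);
        if (clear_on_error)
            sock->sk = NULL;   /* the caller must not see a released object */
        return -1;
    }
    return 0;
}

/* Returns 1 if the socket still references a released sk. */
static int has_dangling_sk(const struct model_socket *sock)
{
    return sock->sk != NULL && !sock->sk->live;
}

int main(void)
{
    struct model_socket a = {0}, b = {0};
    create_model(&a, 1, 0);
    create_model(&b, 1, 1);
    printf("pre-fix dangling=%d, fixed dangling=%d\n", has_dangling_sk(&a), has_dangling_sk(&b));
    return 0;
}
```

In the pre-fix variant, any later cleanup code that tests the pointer for non-NULL would go on to use the released object, which is the use-after-free the summary refers to.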