CVE-2024-56603

Summary

CVE-2024-56603 is a newly identified vulnerability in the Linux kernel. Specifically, in the net subsystem, the `af_can` module contains a flaw in the `can_create()` function. When an error occurs during the creation of a socket object, the function frees the allocated socket (sk) object. However, `sock_init_data()` has already attached this sk object to the provided sock object. Consequently, a dangling sk pointer remains in the sock object, potentially leading to a use-after-free issue in a later stage. This vulnerability could result in memory corruption or unintended code execution. The Linux community has released a patch to address this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.