CVE-2024-56635

CVSS 3.1 Score 7 of 10 (high)

Details

Published: Dec 27, 2024
Updated: Feb 10, 2025
CWE ID 362
CWE ID 416

Summary

CVE-2024-56635 is a Linux kernel vulnerability that can lead to a Use-After-Free (UAF) in the function default_operstate(). It was discovered by syzbot and is caused by a race condition between device dismantle and network namespace (netns) dismantle. After the call to __rtnl_unlock(), the RTNL lock is no longer held, so there is no guarantee that the netns of each device is still alive; dereferencing it can therefore be a UAF. The affected devices should not be in the NETREG_UNREGISTERED state, and an ASSERT_RTNL() should be added before the call to __dev_get_by_index(). The UAF was reported by the KASAN memory error detector and can result in a kernel stack dump and potential system instability.

