CVE-2024-56642

Summary

CVE-2024-56642 is a Linux kernel vulnerability affecting the tipc subsystem. A use-after-free issue was identified in cleanup_bearer() function, specifically in the handling of UDP kernel sockets. When bearer_disable() calls tipc_udp_disable(), the cleanup of the UDP kernel socket is deferred by work calling cleanup_bearer(). However, tipc_exit_net() waits for such works to finish by checking tipc_net(net)->wq_count, but the work decrements the count too early, resulting in use-after-free and causing a kernel message signature (KMSAN) error in udp_hashslot and udp_lib_unhash functions. To address this issue, the decrement should be moved after releasing the socket in cleanup_bearer(). The vulnerability was discovered using syzkaller and affects systems running 6.12.0-rc1-00131-gf66ebf37d69c #7 kernel.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.