CVE-2024-56647
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-56647 is a vulnerability affecting the Linux kernel that can be triggered when an ARP link failure occurs while IPsec (XFRM) is enabled. This issue results in ip_rt_bug being called, leading to a CPU warning and potential system instability. The scenario is reproduced when locally generated ICMP packets cause icmp_route_lookup() to create and set a DESTUNREACH output route with the loopback interface as the destination dev. To mitigate this vulnerability, disabling ICMP relookup for locally generated packets is recommended. The vulnerability affects Linux kernel versions up to 6.12.0-rc6-00077-g2e1b3cc9d7f7, and the resolution involves fixing the ICMP host relookup process.