CVE-2024-56672

CVSS 3.1 Score 7.0 of 10 (high)

Details

Published Dec 27, 2024
Updated: Feb 10, 2025
CWE ID 416

Summary

CVE-2024-56672 is a vulnerability in the Linux kernel's block cgroup (blkcg) subsystem. The issue lies in the function blkcg_unpin_online(), which can lead to a Use-After-Free (UAF) condition: blkcg_unpin_online() calls blkcg_destroy_blkgs(blkcg) before reading the parent pointer, so the blkcg can be freed before its parent is looked up, and the subsequent read is a UAF. The vulnerability can potentially allow an attacker to corrupt kernel memory, leading to system instability or even a complete system compromise. The UAF is not trivial to exploit, as it requires bypassing RCU grace periods and a work item execution. The vulnerability has been resolved by reading the parent pointer before destroying the blkcg's blkgs.
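The ordering bug described above is easiest to see in a small model. The C below is an added illustration, not the kernel's blkcg code: the struct, the fake_ names and the counters are constructed stand-ins, and "destroying" an object only marks it released so the program stays well-defined. It walks an ancestor chain the way the summary describes the fixed function: when a cgroup's pin count drops to zero, the parent pointer is captured while the object is still valid, the object is destroyed, and the loop advances without touching it again.

```c
#include <stdio.h>

/* Hypothetical stand-in for a block cgroup; not the kernel's struct blkcg. */
struct fake_cgroup {
    struct fake_cgroup *parent;
    int online_pin;   /* pin count held while the cgroup is online */
    int freed;        /* set once the object has been released */
};

/* Stand-in for blkcg_destroy_blkgs(): in the real code this may drop the
 * last reference, after which the object must not be dereferenced. Here it
 * only records the release so the test can detect a later access. */
static void fake_destroy_blkgs(struct fake_cgroup *cg)
{
    cg->freed = 1;
}

/* Fixed ordering, modelled on the summary: read the parent BEFORE destroying
 * the current cgroup. Returns the number of cgroups destroyed, or -1 if the
 * walk ever touches an already-released object (a UAF in real code). */
int fake_unpin_online(struct fake_cgroup *cg)
{
    int destroyed = 0;

    while (cg) {
        struct fake_cgroup *parent;

        if (cg->freed)
            return -1;                 /* would be a use-after-free */
        if (--cg->online_pin != 0)
            break;                     /* still pinned by someone else */

        parent = cg->parent;           /* capture while cg is still valid */
        fake_destroy_blkgs(cg);        /* cg must not be used after this */
        destroyed++;
        cg = parent;                   /* advance using the saved pointer */
    }
    return destroyed;
}

/* Constructed three-level chain for the demonstration: chain[0] is the root
 * and holds two pins, so unpinning the leaf must stop there. */
struct fake_cgroup chain[3];

void fake_setup_chain(void)
{
    for (int i = 0; i < 3; i++) {
        chain[i].parent = (i == 0) ? NULL : &chain[i - 1];
        chain[i].online_pin = (i == 0) ? 2 : 1;
        chain[i].freed = 0;
    }
}

int main(void)
{
    fake_setup_chain();
    printf("destroyed %d cgroup(s); root pin now %d, root freed=%d\n",
           fake_unpin_online(&chain[2]), chain[0].online_pin, chain[0].freed);
    return 0;
}
```

Reversing the two marked lines (destroy first, then read `cg->parent`) is the pattern the CVE describes; in this model that reads a field of a released object, which the `freed` check exists to catch.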
