[SRU][N][PATCH 0/1] CVE-2024-56600
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Sat Feb 15 14:45:27 UTC 2025
[Impact]

net: inet6: do not leave a dangling sk pointer in inet6_create()

sock_init_data() attaches the allocated sk pointer to the provided sock
object. If inet6_create() fails later, the sk object is released, but the
sock object retains the dangling sk pointer, which may cause use-after-free
later.

Clear the sock sk pointer on error.

[Fix]

Oracular: Fixed via upstream stable updates (LP: #2096827)
Noble: Clean cherry pick from mainline
Jammy: Fixed via upstream stable updates (LP: #2095283)
Focal: Fixed via upstream stable updates (LP: #2095145)

[Test]

Compile and boot tested.

[Where problems could occur]

The fix affects the IPv6 socket subsystem. An issue with this fix may
lead to incorrect handling of socket initialization failures. A user
might experience problems such as unexpected crashes when creating IPv6
sockets, lingering socket structures that are not properly released, or
failures to bind to IPv6 addresses.

Ignat Korchagin (1):
  net: inet6: do not leave a dangling sk pointer in inet6_create()

 net/ipv6/af_inet6.c | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

--
2.43.0
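
Added example, not part of the original message or of the kernel patch: a userspace C model of the error path described in [Impact], showing the failed sock aliasing an object that a later create has reused, and the same path with the pointer cleared on error. The `model_*` names, the one-slot allocator and the owner ids are assumptions made for illustration.

```c
#include <stddef.h>

/* Userspace model; hypothetical names that only mirror the roles described
 * in [Impact]. This is not kernel code. */
struct model_sk   { int in_use; int owner; };
struct model_sock { struct model_sk *sk; };

static struct model_sk slot;   /* one-object stand-in for the sk allocator */

static struct model_sk *model_sk_alloc(int owner)
{
    if (slot.in_use)
        return NULL;
    slot.in_use = 1;
    slot.owner = owner;
    return &slot;
}

static void model_sk_release(struct model_sk *sk) { sk->in_use = 0; }

/* Create path: attach sk to sock early (the sock_init_data() role), then
 * fail with late_err if it is non-zero. clear_on_error selects the fixed
 * error path, which resets sock->sk before returning. */
static int model_create(struct model_sock *sock, int owner, int late_err,
                        int clear_on_error)
{
    struct model_sk *sk = model_sk_alloc(owner);
    if (!sk)
        return -1;
    sock->sk = sk;
    if (late_err) {
        model_sk_release(sk);
        if (clear_on_error)
            sock->sk = NULL;
        return late_err;
    }
    return 0;
}

/* Owner id reachable through the failed sock once another create has reused
 * the released object, or 0 if the failed sock holds no pointer. */
static int stale_owner_after_failed_create(int clear_on_error)
{
    struct model_sock failed = { NULL }, other = { NULL };
    slot.in_use = 0;
    model_create(&failed, 1, -12, clear_on_error);  /* fails after attach */
    model_create(&other, 2, 0, clear_on_error);     /* reuses the object */
    return failed.sk ? failed.sk->owner : 0;
}
```
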