CVE-2024-56601

一、漏洞信息
漏洞编号：CVE-2024-56601
漏洞归属组件：kernel
漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.19,6.4.0,6.6.0
CVSS V3.0分值：
BaseScore：7.8 High
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞简述：
In the Linux kernel, the following vulnerability has been resolved:net: inet: do not leave a dangling sk pointer in inet_create()sock_init_data() attaches the allocated sk object to the provided sockobject. If inet_create() fails later, the sk object is freed, but thesock object retains the dangling pointer, which may create use-after-freelater.Clear the sk pointer in the sock object on error.
漏洞公开时间：2024-12-27 23:15:19
漏洞创建时间：2024-12-28 00:04:05
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2024-56601

更多参考(点击展开)

参考来源	参考链接	来源链接
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/25447c6aaa7235f155292b0c58a067347e8ae891
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2bc34d8c8898ae9fddf4612501aabb22d76c2b2c
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3e8258070b0f2aba66b3ef18883de229674fb288
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/691d6d816f93b2a1008c14178399061466e674ef
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/9365fa510c6f82e3aa550a09d0c5c6b44dbc78ff
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/b4513cfd3a10c03c660d5d3d26c2e322efbfdd9b
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f8a3f255f7509a209292871715cda03779640c8d
suse_bugzilla	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-56601	https://bugzilla.suse.com/show_bug.cgi?id=1235230
suse_bugzilla	https://www.cve.org/CVERecord?id=CVE-2024-56601	https://bugzilla.suse.com/show_bug.cgi?id=1235230
suse_bugzilla	https://git.kernel.org/stable/c/25447c6aaa7235f155292b0c58a067347e8ae891	https://bugzilla.suse.com/show_bug.cgi?id=1235230
suse_bugzilla	https://git.kernel.org/stable/c/2bc34d8c8898ae9fddf4612501aabb22d76c2b2c	https://bugzilla.suse.com/show_bug.cgi?id=1235230
suse_bugzilla	https://git.kernel.org/stable/c/3e8258070b0f2aba66b3ef18883de229674fb288	https://bugzilla.suse.com/show_bug.cgi?id=1235230
suse_bugzilla	https://git.kernel.org/stable/c/691d6d816f93b2a1008c14178399061466e674ef	https://bugzilla.suse.com/show_bug.cgi?id=1235230
suse_bugzilla	https://git.kernel.org/stable/c/9365fa510c6f82e3aa550a09d0c5c6b44dbc78ff	https://bugzilla.suse.com/show_bug.cgi?id=1235230
suse_bugzilla	https://git.kernel.org/stable/c/b4513cfd3a10c03c660d5d3d26c2e322efbfdd9b	https://bugzilla.suse.com/show_bug.cgi?id=1235230
suse_bugzilla	https://git.kernel.org/stable/c/f8a3f255f7509a209292871715cda03779640c8d	https://bugzilla.suse.com/show_bug.cgi?id=1235230
suse_bugzilla	https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-56601.mbox	https://bugzilla.suse.com/show_bug.cgi?id=1235230
redhat_bugzilla	https://lore.kernel.org/linux-cve-announce/2024122703-CVE-2024-56601-2150@gregkh/T	https://bugzilla.redhat.com/show_bug.cgi?id=2334472
debian		https://security-tracker.debian.org/tracker/CVE-2024-56601
mageia		http://advisories.mageia.org/MGASA-2025-0030.html
osv	https://git.kernel.org/stable/c/25447c6aaa7235f155292b0c58a067347e8ae891	https://osv.dev/vulnerability/CVE-2024-56601
osv	https://git.kernel.org/stable/c/2bc34d8c8898ae9fddf4612501aabb22d76c2b2c	https://osv.dev/vulnerability/CVE-2024-56601
osv	https://git.kernel.org/stable/c/3e8258070b0f2aba66b3ef18883de229674fb288	https://osv.dev/vulnerability/CVE-2024-56601
osv	https://git.kernel.org/stable/c/691d6d816f93b2a1008c14178399061466e674ef	https://osv.dev/vulnerability/CVE-2024-56601
osv	https://git.kernel.org/stable/c/9365fa510c6f82e3aa550a09d0c5c6b44dbc78ff	https://osv.dev/vulnerability/CVE-2024-56601
osv	https://git.kernel.org/stable/c/b4513cfd3a10c03c660d5d3d26c2e322efbfdd9b	https://osv.dev/vulnerability/CVE-2024-56601
osv	https://git.kernel.org/stable/c/f8a3f255f7509a209292871715cda03779640c8d	https://osv.dev/vulnerability/CVE-2024-56601
osv	https://security-tracker.debian.org/tracker/CVE-2024-56601	https://osv.dev/vulnerability/CVE-2024-56601

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息：

详情(点击展开)

影响的包	修复版本	修复补丁	来源
linux_kernel	5.4.287	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f8a3f255f7509a209292871715cda03779640c8dFixed	linuxkernelcves
linux_kernel	5.10.231	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2bc34d8c8898ae9fddf4612501aabb22d76c2b2cFixed	linuxkernelcves
linux_kernel	5.15.174	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3e8258070b0f2aba66b3ef18883de229674fb288Fixed	linuxkernelcves
linux_kernel	6.1.120	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b4513cfd3a10c03c660d5d3d26c2e322efbfdd9bFixed	linuxkernelcves
linux_kernel	6.6.66	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=25447c6aaa7235f155292b0c58a067347e8ae891Fixed	linuxkernelcves
linux_kernel	6.12.5	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=691d6d816f93b2a1008c14178399061466e674efFixed	linuxkernelcves
linux_kernel	6.13-rc1	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9365fa510c6f82e3aa550a09d0c5c6b44dbc78ffPlease	linuxkernelcves

二、漏洞分析结构反馈
影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:net: inet: do not leave a dangling sk pointer in inet_create()sock_init_data() attaches the allocated sk object to the provided sockobject. If inet_create() fails later, the sk object is freed, but thesock object retains the dangling pointer, which may create use-after-freelater.Clear the sk pointer in the sock object on error.The Linux kernel CVE team has assigned CVE-2024-56601 to this issue.
openEuler评分：
7.8
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
受影响版本排查(受影响/不受影响)：
1.openEuler-20.03-LTS-SP4(4.19.90):受影响
2.openEuler-22.03-LTS-SP3(5.10.0):受影响
3.openEuler-22.03-LTS-SP4(5.10.0):受影响
4.openEuler-24.03-LTS(6.6.0):受影响
5.openEuler-24.03-LTS-SP1(6.6.0):受影响
6.master(6.6.0):不受影响
7.openEuler-24.03-LTS-Next(6.6.0):不受影响

修复是否涉及abi变化(是/否)：
1.master(6.6.0):否
2.openEuler-20.03-LTS-SP4(4.19.90):否
3.openEuler-22.03-LTS-SP3(5.10.0):否
4.openEuler-22.03-LTS-SP4(5.10.0):否
5.openEuler-24.03-LTS(6.6.0):否
6.openEuler-24.03-LTS-Next(6.6.0):否
7.openEuler-24.03-LTS-SP1(6.6.0):否

原因说明：
1.openEuler-22.03-LTS-SP3(5.10.0):正常修复
2.openEuler-22.03-LTS-SP4(5.10.0):正常修复
3.openEuler-24.03-LTS(6.6.0):正常修复
4.openEuler-24.03-LTS-SP1(6.6.0):正常修复
5.openEuler-20.03-LTS-SP4(4.19.90):不修复-超出修复范围
6.master(6.6.0):不受影响-漏洞代码不能被攻击者触发
7.openEuler-24.03-LTS-Next(6.6.0):不受影响-漏洞代码不能被攻击者触发

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1286

src-openEuler/kernel

内容风险标识

评论 (14)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2024-56601

评论 (14)

搜索帮助

src-openEuler/kernel