Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-56601

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-27 Dec, 2024 | 14:51
Updated At-03 Nov, 2025 | 20:50
Rejected At-
Credits

net: inet: do not leave a dangling sk pointer in inet_create()

In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Linux
Assigner Org ID:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:27 Dec, 2024 | 14:51
Updated At:03 Nov, 2025 | 20:50
Rejected At:
▼CVE Numbering Authority (CNA)
net: inet: do not leave a dangling sk pointer in inet_create()

In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/ipv4/af_inet.c
Default Status
unaffected
Versions
Affected
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before f8a3f255f7509a209292871715cda03779640c8d (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 2bc34d8c8898ae9fddf4612501aabb22d76c2b2c (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 3e8258070b0f2aba66b3ef18883de229674fb288 (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before b4513cfd3a10c03c660d5d3d26c2e322efbfdd9b (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 25447c6aaa7235f155292b0c58a067347e8ae891 (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 691d6d816f93b2a1008c14178399061466e674ef (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 9365fa510c6f82e3aa550a09d0c5c6b44dbc78ff (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/ipv4/af_inet.c
Default Status
affected
Versions
Affected
  • 2.6.12
Unaffected
  • From 0 before 2.6.12 (semver)
  • From 5.4.287 through 5.4.* (semver)
  • From 5.10.231 through 5.10.* (semver)
  • From 5.15.174 through 5.15.* (semver)
  • From 6.1.120 through 6.1.* (semver)
  • From 6.6.66 through 6.6.* (semver)
  • From 6.12.5 through 6.12.* (semver)
  • From 6.13 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/f8a3f255f7509a209292871715cda03779640c8d
N/A
https://git.kernel.org/stable/c/2bc34d8c8898ae9fddf4612501aabb22d76c2b2c
N/A
https://git.kernel.org/stable/c/3e8258070b0f2aba66b3ef18883de229674fb288
N/A
https://git.kernel.org/stable/c/b4513cfd3a10c03c660d5d3d26c2e322efbfdd9b
N/A
https://git.kernel.org/stable/c/25447c6aaa7235f155292b0c58a067347e8ae891
N/A
https://git.kernel.org/stable/c/691d6d816f93b2a1008c14178399061466e674ef
N/A
https://git.kernel.org/stable/c/9365fa510c6f82e3aa550a09d0c5c6b44dbc78ff
N/A
Hyperlink: https://git.kernel.org/stable/c/f8a3f255f7509a209292871715cda03779640c8d
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/2bc34d8c8898ae9fddf4612501aabb22d76c2b2c
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/3e8258070b0f2aba66b3ef18883de229674fb288
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/b4513cfd3a10c03c660d5d3d26c2e322efbfdd9b
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/25447c6aaa7235f155292b0c58a067347e8ae891
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/691d6d816f93b2a1008c14178399061466e674ef
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/9365fa510c6f82e3aa550a09d0c5c6b44dbc78ff
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
N/A
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:27 Dec, 2024 | 15:15
Updated At:03 Nov, 2025 | 21:18

In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions before 5.4.287(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.5(inclusive) to 5.10.231(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.11(inclusive) to 5.15.174(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.16(inclusive) to 6.1.120(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.2(inclusive) to 6.6.66(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.7(inclusive) to 6.12.5(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarynvd@nist.gov
CWE-416Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-416
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://git.kernel.org/stable/c/25447c6aaa7235f155292b0c58a067347e8ae891416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/2bc34d8c8898ae9fddf4612501aabb22d76c2b2c416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/3e8258070b0f2aba66b3ef18883de229674fb288416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/691d6d816f93b2a1008c14178399061466e674ef416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/9365fa510c6f82e3aa550a09d0c5c6b44dbc78ff416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/b4513cfd3a10c03c660d5d3d26c2e322efbfdd9b416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/f8a3f255f7509a209292871715cda03779640c8d416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://git.kernel.org/stable/c/25447c6aaa7235f155292b0c58a067347e8ae891
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/2bc34d8c8898ae9fddf4612501aabb22d76c2b2c
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/3e8258070b0f2aba66b3ef18883de229674fb288
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/691d6d816f93b2a1008c14178399061466e674ef
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/9365fa510c6f82e3aa550a09d0c5c6b44dbc78ff
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/b4513cfd3a10c03c660d5d3d26c2e322efbfdd9b
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/f8a3f255f7509a209292871715cda03779640c8d
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found