cve/published/2024/CVE-2024-56600.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-1.2.0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@kernel.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 net: inet6: do not leave a dangling sk pointer in inet6_create()

 sock_init_data() attaches the allocated sk pointer to the provided sock
 object. If inet6_create() fails later, the sk object is released, but the
 sock object retains the dangling sk pointer, which may cause use-after-free
 later.

 Clear the sock sk pointer on error.

 The Linux kernel CVE team has assigned CVE-2024-56600 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 5.4.287 with commit f2709d1271cfdf55c670ab5c5982139ab627ddc7
 	Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 5.10.231 with commit 35360255ca30776dee34d9fa764cffa24d0a5f65
 	Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 5.15.174 with commit 276a473c956fb55a6f3affa9ff232e10fffa7b43
 	Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.1.120 with commit 79e16a0d339532ea832d85798eb036fc4f9e0cea
 	Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.6.66 with commit 706b07b7b37f886423846cb38919132090bc40da
 	Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.12.5 with commit f44fceb71d72d29fb00e0ac84cdf9c081b03cd06
 	Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.13 with commit 9df99c395d0f55fb444ef39f4d6f194ca437d884

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-56600
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	net/ipv6/af_inet6.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/f2709d1271cfdf55c670ab5c5982139ab627ddc7
 	https://git.kernel.org/stable/c/35360255ca30776dee34d9fa764cffa24d0a5f65
 	https://git.kernel.org/stable/c/276a473c956fb55a6f3affa9ff232e10fffa7b43
 	https://git.kernel.org/stable/c/79e16a0d339532ea832d85798eb036fc4f9e0cea
 	https://git.kernel.org/stable/c/706b07b7b37f886423846cb38919132090bc40da
 	https://git.kernel.org/stable/c/f44fceb71d72d29fb00e0ac84cdf9c081b03cd06
 	https://git.kernel.org/stable/c/9df99c395d0f55fb444ef39f4d6f194ca437d884
	From bippy-1.2.0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@kernel.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	net: inet6: do not leave a dangling sk pointer in inet6_create()

	sock_init_data() attaches the allocated sk pointer to the provided sock
	object. If inet6_create() fails later, the sk object is released, but the
	sock object retains the dangling sk pointer, which may cause use-after-free
	later.

	Clear the sock sk pointer on error.

	The Linux kernel CVE team has assigned CVE-2024-56600 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 5.4.287 with commit f2709d1271cfdf55c670ab5c5982139ab627ddc7
	Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 5.10.231 with commit 35360255ca30776dee34d9fa764cffa24d0a5f65
	Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 5.15.174 with commit 276a473c956fb55a6f3affa9ff232e10fffa7b43
	Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.1.120 with commit 79e16a0d339532ea832d85798eb036fc4f9e0cea
	Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.6.66 with commit 706b07b7b37f886423846cb38919132090bc40da
	Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.12.5 with commit f44fceb71d72d29fb00e0ac84cdf9c081b03cd06
	Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.13 with commit 9df99c395d0f55fb444ef39f4d6f194ca437d884

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-56600
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	net/ipv6/af_inet6.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/f2709d1271cfdf55c670ab5c5982139ab627ddc7
	https://git.kernel.org/stable/c/35360255ca30776dee34d9fa764cffa24d0a5f65
	https://git.kernel.org/stable/c/276a473c956fb55a6f3affa9ff232e10fffa7b43
	https://git.kernel.org/stable/c/79e16a0d339532ea832d85798eb036fc4f9e0cea
	https://git.kernel.org/stable/c/706b07b7b37f886423846cb38919132090bc40da
	https://git.kernel.org/stable/c/f44fceb71d72d29fb00e0ac84cdf9c081b03cd06
	https://git.kernel.org/stable/c/9df99c395d0f55fb444ef39f4d6f194ca437d884