In the Linux kernel, the following vulnerability has been resolved:
tipc: fix NULL deref in cleanup_bearer()
syzbot found [1] that after the blamed commit, ub->ubsock->sk was NULL when attempting the atomic_dec():
atomic_dec(&tipc_net(sock_net(ub->ubsock->sk))->wq_count);
Fix this by caching the tipc_net pointer, so that the atomic_dec() no longer goes through ub->ubsock->sk.
[1]
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 0 UID: 0 PID: 5896 Comm: kworker/0:3 Not tainted 6.13.0-rc1-next-20241203-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events cleanup_bearer
RIP: 0010:read_pnet include/net/net_namespace.h:387 [inline]
RIP: 0010:sock_net include/net/sock.h:655 [inline]
RIP: 0010:cleanup_bearer+0x1f7/0x280 net/tipc/udp_media.c:820
Code: 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 3c f7 99 f6 48 8b 1b 48 83 c3 30 e8 f0 e4 60 00 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 1a f7 99 f6 49 83 c7 e8 48 8b 1b
RSP: 0018:ffffc9000410fb70 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000030 RCX: ffff88802fe45a00
RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000410f900
RBP: ffff88807e1f0908 R08: ffffc9000410f907 R09: 1ffff92000821f20
R10: dffffc0000000000 R11: fffff52000821f21 R12: ffff888031d19980
R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88807e1f0918
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000556ca050b000 CR3: 0000000031c0c000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@89ecda492d0a37fd00aaffc4151f1f44c26d93ac",
"target": {
"file": "net/tipc/udp_media.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"300031449725808462681091776630250257874",
"96121364953625032125385748727094988004",
"140509073318224101008924288558690696330",
"110490428993937171706595900758602980777",
"82185417864768020083162663012039316218",
"35663408840953507991777685539392779965",
"125911994687451492616752380071850043162",
"261934669912597918283531942630592525930",
"73006879061789884141148071527857775113",
"263115873921152289325346991051918778548",
"157974789427861285766874816142046421444"
],
"threshold": 0.9
},
"id": "CVE-2024-56661-009e8b2c"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a852c82eda4991e21610837aaa160965be71f5cc",
"target": {
"file": "net/tipc/udp_media.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"300031449725808462681091776630250257874",
"96121364953625032125385748727094988004",
"140509073318224101008924288558690696330",
"110490428993937171706595900758602980777",
"82185417864768020083162663012039316218",
"35663408840953507991777685539392779965",
"125911994687451492616752380071850043162",
"261934669912597918283531942630592525930",
"73006879061789884141148071527857775113",
"263115873921152289325346991051918778548",
"157974789427861285766874816142046421444"
],
"threshold": 0.9
},
"id": "CVE-2024-56661-07e8a13a"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@754ec823ee53422361da7958a8c8bf3275426912",
"target": {
"file": "net/tipc/udp_media.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"300031449725808462681091776630250257874",
"96121364953625032125385748727094988004",
"140509073318224101008924288558690696330",
"110490428993937171706595900758602980777",
"82185417864768020083162663012039316218",
"35663408840953507991777685539392779965",
"125911994687451492616752380071850043162",
"261934669912597918283531942630592525930",
"73006879061789884141148071527857775113",
"263115873921152289325346991051918778548",
"157974789427861285766874816142046421444"
],
"threshold": 0.9
},
"id": "CVE-2024-56661-277f8c0e"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b04d86fff66b15c07505d226431f808c15b1703c",
"target": {
"function": "cleanup_bearer",
"file": "net/tipc/udp_media.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"digest": {
"function_hash": "102529818822404218114869287349431410564",
"length": 476.0
},
"id": "CVE-2024-56661-2d7eba6f"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1d4dfb189a115734bff81c411bc58d9e348db7d",
"target": {
"function": "cleanup_bearer",
"file": "net/tipc/udp_media.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"digest": {
"function_hash": "102529818822404218114869287349431410564",
"length": 476.0
},
"id": "CVE-2024-56661-3fd1f7ec"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a852c82eda4991e21610837aaa160965be71f5cc",
"target": {
"function": "cleanup_bearer",
"file": "net/tipc/udp_media.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"digest": {
"function_hash": "102529818822404218114869287349431410564",
"length": 476.0
},
"id": "CVE-2024-56661-7a4579ab"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b04d86fff66b15c07505d226431f808c15b1703c",
"target": {
"file": "net/tipc/udp_media.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"300031449725808462681091776630250257874",
"96121364953625032125385748727094988004",
"140509073318224101008924288558690696330",
"110490428993937171706595900758602980777",
"82185417864768020083162663012039316218",
"35663408840953507991777685539392779965",
"125911994687451492616752380071850043162",
"261934669912597918283531942630592525930",
"73006879061789884141148071527857775113",
"263115873921152289325346991051918778548",
"157974789427861285766874816142046421444"
],
"threshold": 0.9
},
"id": "CVE-2024-56661-89955c34"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a771f349c95d3397636861a0a6462d4a7a7ecb25",
"target": {
"file": "net/tipc/udp_media.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"300031449725808462681091776630250257874",
"96121364953625032125385748727094988004",
"140509073318224101008924288558690696330",
"110490428993937171706595900758602980777",
"82185417864768020083162663012039316218",
"35663408840953507991777685539392779965",
"125911994687451492616752380071850043162",
"261934669912597918283531942630592525930",
"73006879061789884141148071527857775113",
"263115873921152289325346991051918778548",
"157974789427861285766874816142046421444"
],
"threshold": 0.9
},
"id": "CVE-2024-56661-8dcf8928"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07b569eda6fe6a1e83be5a587abee12d1303f95e",
"target": {
"function": "cleanup_bearer",
"file": "net/tipc/udp_media.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"digest": {
"function_hash": "102529818822404218114869287349431410564",
"length": 476.0
},
"id": "CVE-2024-56661-a0e8f9af"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a771f349c95d3397636861a0a6462d4a7a7ecb25",
"target": {
"function": "cleanup_bearer",
"file": "net/tipc/udp_media.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"digest": {
"function_hash": "102529818822404218114869287349431410564",
"length": 476.0
},
"id": "CVE-2024-56661-a1576b25"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@754ec823ee53422361da7958a8c8bf3275426912",
"target": {
"function": "cleanup_bearer",
"file": "net/tipc/udp_media.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"digest": {
"function_hash": "102529818822404218114869287349431410564",
"length": 476.0
},
"id": "CVE-2024-56661-b2332e23"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1d4dfb189a115734bff81c411bc58d9e348db7d",
"target": {
"file": "net/tipc/udp_media.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"300031449725808462681091776630250257874",
"96121364953625032125385748727094988004",
"140509073318224101008924288558690696330",
"110490428993937171706595900758602980777",
"82185417864768020083162663012039316218",
"35663408840953507991777685539392779965",
"125911994687451492616752380071850043162",
"261934669912597918283531942630592525930",
"73006879061789884141148071527857775113",
"263115873921152289325346991051918778548",
"157974789427861285766874816142046421444"
],
"threshold": 0.9
},
"id": "CVE-2024-56661-b713f4f5"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@89ecda492d0a37fd00aaffc4151f1f44c26d93ac",
"target": {
"function": "cleanup_bearer",
"file": "net/tipc/udp_media.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"digest": {
"function_hash": "102529818822404218114869287349431410564",
"length": 476.0
},
"id": "CVE-2024-56661-bf148daf"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07b569eda6fe6a1e83be5a587abee12d1303f95e",
"target": {
"file": "net/tipc/udp_media.c"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"300031449725808462681091776630250257874",
"96121364953625032125385748727094988004",
"140509073318224101008924288558690696330",
"110490428993937171706595900758602980777",
"82185417864768020083162663012039316218",
"35663408840953507991777685539392779965",
"125911994687451492616752380071850043162",
"261934669912597918283531942630592525930",
"73006879061789884141148071527857775113",
"263115873921152289325346991051918778548",
"157974789427861285766874816142046421444"
],
"threshold": 0.9
},
"id": "CVE-2024-56661-e80b197a"
}
]