← Back

CVE-2024-56651

nvd nist
Published: Dec 27, 2024Modified: Jun 17, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110_can_ist(): fix potential use-after-free The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr during bus-off") removed the reporting of rxerr and txerr even in case of correct operation (i. e. not bus-off). The error count information added to the CAN frame after netif_rx() is a potential use after free, since there is no guarantee that the skb is in the same state. It might be freed or reused. Fix the issue by postponing the netif_rx() call in case of txerr and rxerr reporting.

Affected (11)

Products: Linux: Linux Kernel
1 product
Linux Kernel
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Linux
From 4.14.291 to 4.15
From 4.19.256 to 4.20
From 5.10.137 to 5.11
From 5.15.61 to 5.16
From 5.18.18 to 5.19
From 5.19.2 to 5.20
From 5.4.211 to 5.5
From 6.0 to 6.1.120
From 6.2 to 6.6.66
From 6.7 to 6.12.5
Version 6.13 rc1

References (5)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.