CVE-2024-56651
can: hi311x: hi3110_can_ist(): fix potential use-after-free
Description
In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110_can_ist(): fix potential use-after-free The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr during bus-off") removed the reporting of rxerr and txerr even in case of correct operation (i. e. not bus-off). The error count information added to the CAN frame after netif_rx() is a potential use after free, since there is no guarantee that the skb is in the same state. It might be freed or reused. Fix the issue by postponing the netif_rx() call in case of txerr and rxerr reporting.
INFO
Published Date :
Dec. 27, 2024, 3:15 p.m.
Last Modified :
Feb. 11, 2025, 4:15 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | [email protected] | ||||
| CVSS 3.1 | HIGH | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
Solution
- Update the Linux kernel to a patched version.
- Reboot the system to apply the update.
Public PoC/Exploit Available at Github
CVE-2024-56651 has a 1 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-56651.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-56651 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-56651
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
JavaScript
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-56651 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2024-56651 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Feb. 11, 2025
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-416 -
Initial Analysis by [email protected]
Jan. 06, 2025
Action Type Old Value New Value Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Added CWE NIST CWE-416 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14.291 up to (excluding) 4.15 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.256 up to (excluding) 4.20 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.211 up to (excluding) 5.5 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.137 up to (excluding) 5.11 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.61 up to (excluding) 5.16 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.18.18 up to (excluding) 5.19 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.19.2 up to (excluding) 5.20 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.0 up to (excluding) 6.1.120 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.66 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.5 *cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:* Changed Reference Type https://git.kernel.org/stable/c/1128022009444faf49359bd406cd665b177cb643 No Types Assigned https://git.kernel.org/stable/c/1128022009444faf49359bd406cd665b177cb643 Patch Changed Reference Type https://git.kernel.org/stable/c/4ad77eb8f2e07bcfa0e28887d3c7dbb732d92cc1 No Types Assigned https://git.kernel.org/stable/c/4ad77eb8f2e07bcfa0e28887d3c7dbb732d92cc1 Patch Changed Reference Type https://git.kernel.org/stable/c/9ad86d377ef4a19c75a9c639964879a5b25a433b No Types Assigned https://git.kernel.org/stable/c/9ad86d377ef4a19c75a9c639964879a5b25a433b Patch Changed Reference Type https://git.kernel.org/stable/c/bc30b2fe8c54694f8ae08a5b8a5d174d16d93075 No Types Assigned https://git.kernel.org/stable/c/bc30b2fe8c54694f8ae08a5b8a5d174d16d93075 Patch -
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Dec. 27, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110_can_ist(): fix potential use-after-free The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr during bus-off") removed the reporting of rxerr and txerr even in case of correct operation (i. e. not bus-off). The error count information added to the CAN frame after netif_rx() is a potential use after free, since there is no guarantee that the skb is in the same state. It might be freed or reused. Fix the issue by postponing the netif_rx() call in case of txerr and rxerr reporting. Added Reference https://git.kernel.org/stable/c/1128022009444faf49359bd406cd665b177cb643 Added Reference https://git.kernel.org/stable/c/4ad77eb8f2e07bcfa0e28887d3c7dbb732d92cc1 Added Reference https://git.kernel.org/stable/c/9ad86d377ef4a19c75a9c639964879a5b25a433b Added Reference https://git.kernel.org/stable/c/bc30b2fe8c54694f8ae08a5b8a5d174d16d93075