Linux Kernel IPv6 Device Removal Vulnerability
CVE-2024-56751

5.5MEDIUM

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
29 December 2024

What is CVE-2024-56751?

A vulnerability in the Linux kernel pertains to the IPv6 subsystem, where improper handling of nexthop references occurs during device removal. This flaw can lead to hangs at the time of device cleanup, specifically when unregistering a network device under load. The vulnerability manifests when the kernel continues referencing a nexthop even after the associated device is set for removal, ultimately impacting overall network performance. Explicit management of the routing information base is necessary to ensure that connections are appropriately severed, preventing the persistent state from causing system instability. The resolution focuses on ensuring that referencing is adequately tracked and released during device disengagement, which is crucial for maintaining the integrity of the networking stack.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 < 77aa9855a878fb43f547ddfbda3127a1e88ad31a

Linux f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74

Linux f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 < 43e25adc80269f917d2a195f0d59f74cdd182955

References

https://git.kernel.org/stable/c/77aa9855a878fb43f547ddfbd...
https://git.kernel.org/stable/c/b2f26a27ea3f72f75d18330f7...
https://git.kernel.org/stable/c/43e25adc80269f917d2a195f0...

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.