CVE-2024-56640Use After Free in Linux

CWE-416Use After Free75 documents7 sources
Severity
7.8HIGHNVD
OSV8.8OSV4.7
EPSS
0.0%
top 97.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
LinuxLinux KernelDebian Linux+5 more
Timeline
PublishedDec 27
Latest updateApr 13

Description

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix LGR and link use-after-free issue We encountered a LGR/link use-after-free issue, which manifested as the LGR/link refcnt reaching 0 early and entering the clear process, making resource access unsafe. refcount_t: addition on 0; use-after-free. WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140 Workqueue: events smc_lgr_terminate_work [smc] Call trace: refcount_warn_saturate+0x9c/

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

NVDlinux/linux_kernel4.185.15.174+4
Debianlinux/linux_kernel< 6.1.123-1+2
Ubuntulinux/linux_kernel< 5.15.0-135.146+2

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

37
OSV
linux-ibm-5.4 vulnerabilities2026-03-27
OSV
linux-azure vulnerabilities2026-03-25
OSV
linux-azure-fips vulnerabilities2026-03-25
OSV
linux-iot, linux-kvm vulnerabilities2026-03-24
OSV
linux-hwe-5.4, linux-ibm vulnerabilities2026-03-24

📋Vendor Advisories

37
Ubuntu
Kernel Live Patch Security Notice2026-04-13
Ubuntu
Linux kernel (IBM) vulnerabilities2026-03-27
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel vulnerabilities2026-03-24
CVE-2024-56640 — Use After Free in Linux | cvebase