CVE-2024-56718 — Improper Cleanup on Thrown Exception in Linux

CWE-460 — Improper Cleanup on Thrown Exception38 documents7 sources

Severity

5.5MEDIUMNVD

OSV7.8OSV7.1OSV6.2

EPSS

0.0%

top 94.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +6 more

Timeline

PublishedDec 29

Latest updateMay 29

Description

In the Linux kernel, the following vulnerability has been resolved: net/smc: protect link down work from execute after lgr freed link down work may be scheduled before lgr freed but execute after lgr freed, which may result in crash. So it is need to hold a reference before shedule link down work, and put the reference after work executed or canceled. The relevant crash call stack as follows: list_del corruption. prev->next should be ffffb638c9c0fe20, but was 0000000000000000 ------------[ cu…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages11 packages

▶NVDlinux/linux_kernel5.8 — 6.1.122+3

▶Debianlinux/linux_kernel< 6.1.123-1+2

▶Ubuntulinux/linux_kernel< 6.8.0-60.63

▶msrcmsrc/azl3_kernel_6.6.64.2-9_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.76.1-1_on_azure_linux_3.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-oracle-6.8 vulnerabilities↗2025-05-29

▶

OSV

linux-hwe-6.8 vulnerabilities↗2025-05-28

▶

OSV

linux-raspi vulnerabilities↗2025-05-26

▶

OSV

linux-azure-nvidia vulnerabilities↗2025-05-20

▶

OSV

linux-raspi-realtime vulnerabilities↗2025-05-20

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Oracle) vulnerabilities↗2025-05-29

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2025-05-28

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2025-05-26

▶

Ubuntu

Linux kernel vulnerabilities↗2025-05-20

▶

Ubuntu

Linux kernel (Azure, N-Series) vulnerabilities↗2025-05-20

▶