CVE-2024-56720

MEDIUM · CVSS 3.1: 5.5 · EPSS 13.5%
Published Dec 29, 2024 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Several fixes to bpf_msg_pop_data

Several fixes to bpf_msg_pop_data,
1. In sk_msg_shift_left, we should put_page
2. if (len == 0), return early is better
3. pop the entire sk_msg (last == msg->sg.size) should be supported
4. Fix for the value of variable "a"
5. In sk_msg_shift_left, after shifting, i has already pointed to the next element. Additional sk_msg_iter_var_next may result in BUG.

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability 13.5% percentile
Exploit & Patch Status No Known Exploit, Patch Available

Weaknesses 2

CWE-193
CWE-401

Affected Products 7

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥5.0 – <5.4.287
linux   linux_kernel  *        ≥5.5 – <5.10.231
linux   linux_kernel  *        ≥5.11 – <5.15.174
linux   linux_kernel  *        ≥5.16 – <6.1.120
linux   linux_kernel  *        ≥6.2 – <6.6.64
linux   linux_kernel  *        ≥6.7 – <6.11.11
linux   linux_kernel  *        ≥6.12 – <6.12.2

References 10

  • git.kernel.org https://git.kernel.org/stable/c/275a9f3ef8fabb0cb282a62b9e164dedba7284c5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5d609ba262475db450ba69b8e8a557bd768ac07a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/785180bed9879680d8e5c5e1b54c8ae8d948f4c8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/98c7ea7d11f2588e8197db042e0291e4ac8f8346
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d26d977633d1d0b8bf9407278189bd0a8d973323
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3f5763b3062514a234114e97bbde74d8d702449
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e1f54c61c4c9a5244eb8159dce60d248f7d97b32
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f58d3aa457e77a3d9b3df2ab081dcf9950f6029f
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/275a9f3ef8fabb0cb282a62b9e164dedba7284c5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5d609ba262475db450ba69b8e8a557bd768ac07a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/785180bed9879680d8e5c5e1b54c8ae8d948f4c8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/98c7ea7d11f2588e8197db042e0291e4ac8f8346
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d26d977633d1d0b8bf9407278189bd0a8d973323
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3f5763b3062514a234114e97bbde74d8d702449
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e1f54c61c4c9a5244eb8159dce60d248f7d97b32
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f58d3aa457e77a3d9b3df2ab081dcf9950f6029f
    Patch