{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-56643", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-27T15:00:39.840Z", "datePublished": "2024-12-27T15:02:44.492Z", "dateUpdated": "2025-11-03T20:51:45.595Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T10:00:51.915Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp: Fix memory leak in dccp_feat_change_recv\n\nIf dccp_feat_push_confirm() fails after new value for SP feature was accepted\nwithout reconciliation ('entry == NULL' branch), memory allocated for that value\nwith dccp_feat_clone_sp_val() is never freed.\n\nHere is the kmemleak stack for this:\n\nunreferenced object 0xffff88801d4ab488 (size 8):\n comm \"syz-executor310\", pid 1127, jiffies 4295085598 (age 41.666s)\n hex dump (first 8 bytes):\n 01 b4 4a 1d 80 88 ff ff ..J.....\n backtrace:\n [<00000000db7cabfe>] kmemdup+0x23/0x50 mm/util.c:128\n [<0000000019b38405>] kmemdup include/linux/string.h:465 [inline]\n [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:371 [inline]\n [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:367 [inline]\n [<0000000019b38405>] dccp_feat_change_recv net/dccp/feat.c:1145 [inline]\n [<0000000019b38405>] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416\n [<00000000b1f6d94a>] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125\n [<0000000030d7b621>] dccp_rcv_state_process+0x197/0x13d0 net/dccp/input.c:650\n [<000000001f74c72e>] dccp_v4_do_rcv+0xf9/0x1a0 net/dccp/ipv4.c:688\n [<00000000a6c24128>] sk_backlog_rcv include/net/sock.h:1041 [inline]\n [<00000000a6c24128>] __release_sock+0x139/0x3b0 net/core/sock.c:2570\n [<00000000cf1f3a53>] release_sock+0x54/0x1b0 net/core/sock.c:3111\n [<000000008422fa23>] inet_wait_for_connect net/ipv4/af_inet.c:603 [inline]\n [<000000008422fa23>] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696\n [<0000000015b6f64d>] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735\n [<0000000010122488>] __sys_connect_file+0x15c/0x1a0 net/socket.c:1865\n [<00000000b4b70023>] __sys_connect+0x165/0x1a0 net/socket.c:1882\n [<00000000f4cb3815>] __do_sys_connect net/socket.c:1892 [inline]\n [<00000000f4cb3815>] __se_sys_connect net/socket.c:1889 [inline]\n [<00000000f4cb3815>] __x64_sys_connect+0x6e/0xb0 net/socket.c:1889\n [<00000000e7b1e839>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n [<0000000055e91434>] entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nClean up the allocated memory in case of dccp_feat_push_confirm() failure\nand bail out with an error reset code.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/dccp/feat.c"], "versions": [{"version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", "lessThan": "623be080ab3c13d71570bd32f7202a8efa8e2252", "status": "affected", "versionType": "git"}, {"version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", "lessThan": "c99507fff94b926fc92279c92d80f229c91cb85d", "status": "affected", "versionType": "git"}, {"version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", "lessThan": "bc3d4423def1a9412a0ae454cb4477089ab79276", "status": "affected", "versionType": "git"}, {"version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", "lessThan": "6ff67909ee2ffad911e3122616df41dee23ff4f6", "status": "affected", "versionType": "git"}, {"version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", "lessThan": "d3ec686a369fae5034303061f003cd3f94ddfd23", "status": "affected", "versionType": "git"}, {"version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", "lessThan": "9ee68b0f23706a77f53c832457b9384178b76421", "status": "affected", "versionType": "git"}, {"version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", "lessThan": "22be4727a8f898442066bcac34f8a1ad0bc72e14", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/dccp/feat.c"], "versions": [{"version": "2.6.29", "status": "affected"}, {"version": "0", "lessThan": "2.6.29", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.287", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.231", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.174", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.120", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.66", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.5", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.29", "versionEndExcluding": "5.4.287"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.29", "versionEndExcluding": "5.10.231"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.29", "versionEndExcluding": "5.15.174"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.29", "versionEndExcluding": "6.1.120"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.29", "versionEndExcluding": "6.6.66"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.29", "versionEndExcluding": "6.12.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.29", "versionEndExcluding": "6.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/623be080ab3c13d71570bd32f7202a8efa8e2252"}, {"url": "https://git.kernel.org/stable/c/c99507fff94b926fc92279c92d80f229c91cb85d"}, {"url": "https://git.kernel.org/stable/c/bc3d4423def1a9412a0ae454cb4477089ab79276"}, {"url": "https://git.kernel.org/stable/c/6ff67909ee2ffad911e3122616df41dee23ff4f6"}, {"url": "https://git.kernel.org/stable/c/d3ec686a369fae5034303061f003cd3f94ddfd23"}, {"url": "https://git.kernel.org/stable/c/9ee68b0f23706a77f53c832457b9384178b76421"}, {"url": "https://git.kernel.org/stable/c/22be4727a8f898442066bcac34f8a1ad0bc72e14"}], "title": "dccp: Fix memory leak in dccp_feat_change_recv", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-56643", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-17T20:10:38.316606Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T20:15:52.853Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:51:45.595Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-56643", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-17T20:10:38.316606Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T20:10:39.828Z"}}], "cna": {"title": "dccp: Fix memory leak in dccp_feat_change_recv", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", "lessThan": "623be080ab3c13d71570bd32f7202a8efa8e2252", "versionType": "git"}, {"status": "affected", "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", "lessThan": "c99507fff94b926fc92279c92d80f229c91cb85d", "versionType": "git"}, {"status": "affected", "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", "lessThan": "bc3d4423def1a9412a0ae454cb4477089ab79276", "versionType": "git"}, {"status": "affected", "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", "lessThan": "6ff67909ee2ffad911e3122616df41dee23ff4f6", "versionType": "git"}, {"status": "affected", "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", "lessThan": "d3ec686a369fae5034303061f003cd3f94ddfd23", "versionType": "git"}, {"status": "affected", "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", "lessThan": "9ee68b0f23706a77f53c832457b9384178b76421", "versionType": "git"}, {"status": "affected", "version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57", "lessThan": "22be4727a8f898442066bcac34f8a1ad0bc72e14", "versionType": "git"}], "programFiles": ["net/dccp/feat.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.29"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.29", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.287", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.231", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.174", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.120", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.66", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.12.5", "versionType": "semver", "lessThanOrEqual": "6.12.*"}, {"status": "unaffected", "version": "6.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/dccp/feat.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/623be080ab3c13d71570bd32f7202a8efa8e2252"}, {"url": "https://git.kernel.org/stable/c/c99507fff94b926fc92279c92d80f229c91cb85d"}, {"url": "https://git.kernel.org/stable/c/bc3d4423def1a9412a0ae454cb4477089ab79276"}, {"url": "https://git.kernel.org/stable/c/6ff67909ee2ffad911e3122616df41dee23ff4f6"}, {"url": "https://git.kernel.org/stable/c/d3ec686a369fae5034303061f003cd3f94ddfd23"}, {"url": "https://git.kernel.org/stable/c/9ee68b0f23706a77f53c832457b9384178b76421"}, {"url": "https://git.kernel.org/stable/c/22be4727a8f898442066bcac34f8a1ad0bc72e14"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp: Fix memory leak in dccp_feat_change_recv\n\nIf dccp_feat_push_confirm() fails after new value for SP feature was accepted\nwithout reconciliation ('entry == NULL' branch), memory allocated for that value\nwith dccp_feat_clone_sp_val() is never freed.\n\nHere is the kmemleak stack for this:\n\nunreferenced object 0xffff88801d4ab488 (size 8):\n comm \"syz-executor310\", pid 1127, jiffies 4295085598 (age 41.666s)\n hex dump (first 8 bytes):\n 01 b4 4a 1d 80 88 ff ff ..J.....\n backtrace:\n [<00000000db7cabfe>] kmemdup+0x23/0x50 mm/util.c:128\n [<0000000019b38405>] kmemdup include/linux/string.h:465 [inline]\n [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:371 [inline]\n [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:367 [inline]\n [<0000000019b38405>] dccp_feat_change_recv net/dccp/feat.c:1145 [inline]\n [<0000000019b38405>] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416\n [<00000000b1f6d94a>] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125\n [<0000000030d7b621>] dccp_rcv_state_process+0x197/0x13d0 net/dccp/input.c:650\n [<000000001f74c72e>] dccp_v4_do_rcv+0xf9/0x1a0 net/dccp/ipv4.c:688\n [<00000000a6c24128>] sk_backlog_rcv include/net/sock.h:1041 [inline]\n [<00000000a6c24128>] __release_sock+0x139/0x3b0 net/core/sock.c:2570\n [<00000000cf1f3a53>] release_sock+0x54/0x1b0 net/core/sock.c:3111\n [<000000008422fa23>] inet_wait_for_connect net/ipv4/af_inet.c:603 [inline]\n [<000000008422fa23>] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696\n [<0000000015b6f64d>] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735\n [<0000000010122488>] __sys_connect_file+0x15c/0x1a0 net/socket.c:1865\n [<00000000b4b70023>] __sys_connect+0x165/0x1a0 net/socket.c:1882\n [<00000000f4cb3815>] __do_sys_connect net/socket.c:1892 [inline]\n [<00000000f4cb3815>] __se_sys_connect net/socket.c:1889 [inline]\n [<00000000f4cb3815>] __x64_sys_connect+0x6e/0xb0 net/socket.c:1889\n [<00000000e7b1e839>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n [<0000000055e91434>] entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nClean up the allocated memory in case of dccp_feat_push_confirm() failure\nand bail out with an error reset code.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.287", "versionStartIncluding": "2.6.29"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.231", "versionStartIncluding": "2.6.29"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.174", "versionStartIncluding": "2.6.29"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.120", "versionStartIncluding": "2.6.29"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.66", "versionStartIncluding": "2.6.29"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.12.5", "versionStartIncluding": "2.6.29"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.13", "versionStartIncluding": "2.6.29"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T10:00:51.915Z"}}}, "cveMetadata": {"cveId": "CVE-2024-56643", "state": "PUBLISHED", "dateUpdated": "2025-05-04T10:00:51.915Z", "dateReserved": "2024-12-27T15:00:39.840Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-12-27T15:02:44.492Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1298C84F-E296-4E2D-8B96-829D4E94588D", "versionEndExcluding": "5.4.287", "versionStartIncluding": "2.6.29", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935", "versionEndExcluding": "5.10.231", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89", "versionEndExcluding": "5.15.174", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265", "versionEndExcluding": "6.1.120", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "29A976AD-B9AB-4A95-9F08-7669F8847EB9", "versionEndExcluding": "6.6.66", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9501D045-7A94-42CA-8B03-821BE94A65B7", "versionEndExcluding": "6.12.5", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp: Fix memory leak in dccp_feat_change_recv\n\nIf dccp_feat_push_confirm() fails after new value for SP feature was accepted\nwithout reconciliation ('entry == NULL' branch), memory allocated for that value\nwith dccp_feat_clone_sp_val() is never freed.\n\nHere is the kmemleak stack for this:\n\nunreferenced object 0xffff88801d4ab488 (size 8):\n comm \"syz-executor310\", pid 1127, jiffies 4295085598 (age 41.666s)\n hex dump (first 8 bytes):\n 01 b4 4a 1d 80 88 ff ff ..J.....\n backtrace:\n [<00000000db7cabfe>] kmemdup+0x23/0x50 mm/util.c:128\n [<0000000019b38405>] kmemdup include/linux/string.h:465 [inline]\n [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:371 [inline]\n [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:367 [inline]\n [<0000000019b38405>] dccp_feat_change_recv net/dccp/feat.c:1145 [inline]\n [<0000000019b38405>] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416\n [<00000000b1f6d94a>] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125\n [<0000000030d7b621>] dccp_rcv_state_process+0x197/0x13d0 net/dccp/input.c:650\n [<000000001f74c72e>] dccp_v4_do_rcv+0xf9/0x1a0 net/dccp/ipv4.c:688\n [<00000000a6c24128>] sk_backlog_rcv include/net/sock.h:1041 [inline]\n [<00000000a6c24128>] __release_sock+0x139/0x3b0 net/core/sock.c:2570\n [<00000000cf1f3a53>] release_sock+0x54/0x1b0 net/core/sock.c:3111\n [<000000008422fa23>] inet_wait_for_connect net/ipv4/af_inet.c:603 [inline]\n [<000000008422fa23>] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696\n [<0000000015b6f64d>] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735\n [<0000000010122488>] __sys_connect_file+0x15c/0x1a0 net/socket.c:1865\n [<00000000b4b70023>] __sys_connect+0x165/0x1a0 net/socket.c:1882\n [<00000000f4cb3815>] __do_sys_connect net/socket.c:1892 [inline]\n [<00000000f4cb3815>] __se_sys_connect net/socket.c:1889 [inline]\n [<00000000f4cb3815>] __x64_sys_connect+0x6e/0xb0 net/socket.c:1889\n [<00000000e7b1e839>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n [<0000000055e91434>] entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nClean up the allocated memory in case of dccp_feat_push_confirm() failure\nand bail out with an error reset code.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dccp: Se corrige la p\u00e9rdida de memoria en dccp_feat_change_recv Si dccp_feat_push_confirm() falla despu\u00e9s de que se acept\u00f3 un nuevo valor para la caracter\u00edstica SP sin conciliaci\u00f3n (rama 'entry == NULL'), la memoria asignada para ese valor con dccp_feat_clone_sp_val() nunca se libera. Aqu\u00ed est\u00e1 la pila kmemleak para esto: objeto sin referencia 0xffff88801d4ab488 (tama\u00f1o 8): comm \"syz-executor310\", pid 1127, jiffies 4295085598 (edad 41.666s) volcado hexadecimal (primeros 8 bytes): 01 b4 4a 1d 80 88 ff ff ..J..... backtrace: [&lt;00000000db7cabfe&gt;] kmemdup+0x23/0x50 mm/util.c:128 [&lt;0000000019b38405&gt;] kmemdup include/linux/string.h:465 [en l\u00ednea] [&lt;0000000019b38405&gt;] dccp_feat_clone_sp_val net/dccp/feat.c:371 [en l\u00ednea] [&lt;0000000019b38405&gt;] dccp_feat_clone_sp_val net/dccp/feat.c:367 [en l\u00ednea] [&lt;0000000019b38405&gt;] dccp_feat_change_recv net/dccp/feat.c:1145 [en l\u00ednea] [&lt;0000000019b38405&gt;] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416 [&lt;00000000b1f6d94a&gt;] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125 [&lt;0000000030d7b621&gt;] dccp_rcv_state_process+0x197/0x13d0 red/dccp/input.c:650 [&lt;000000001f74c72e&gt;] dccp_v4_do_rcv+0xf9/0x1a0 red/dccp/ipv4.c:688 [&lt;00000000a6c24128&gt;] sk_backlog_rcv incluir/net/sock.h:1041 [en l\u00ednea] [&lt;00000000a6c24128&gt;] __release_sock+0x139/0x3b0 red/core/sock.c:2570 [&lt;00000000cf1f3a53&gt;] release_sock+0x54/0x1b0 net/core/sock.c:3111 [&lt;000000008422fa23&gt;] espera_de_conexi\u00f3n inet net/ipv4/af_inet.c:603 [en l\u00ednea] [&lt;000000008422fa23&gt;] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696 [&lt;0000000015b6f64d&gt;] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735 [&lt;0000000010122488&gt;] archivo_de_conexi\u00f3n_sys+0x15c/0x1a0 net/socket.c:1865 [&lt;00000000b4b70023&gt;] __sys_connect+0x165/0x1a0 red/socket.c:1882 [&lt;00000000f4cb3815&gt;] __do_sys_connect red/socket.c:1892 [en l\u00ednea] [&lt;00000000f4cb3815&gt;] __se_sys_connect red/socket.c:1889 [en l\u00ednea] [&lt;00000000f4cb3815&gt;] __x64_sys_connect+0x6e/0xb0 red/socket.c:1889 [&lt;00000000e7b1e839&gt;] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 [&lt;0000000055e91434&gt;] entry_SYSCALL_64_after_hwframe+0x67/0xd1 Limpia la memoria asignada en caso de que dccp_feat_push_confirm() falle y se resuelve con un c\u00f3digo de reinicio de error. Encontrado por Linux Verification Center (linuxtesting.org) con Syzkaller."}], "id": "CVE-2024-56643", "lastModified": "2025-11-03T21:18:13.183", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-12-27T15:15:24.040", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/22be4727a8f898442066bcac34f8a1ad0bc72e14"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/623be080ab3c13d71570bd32f7202a8efa8e2252"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6ff67909ee2ffad911e3122616df41dee23ff4f6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9ee68b0f23706a77f53c832457b9384178b76421"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bc3d4423def1a9412a0ae454cb4477089ab79276"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c99507fff94b926fc92279c92d80f229c91cb85d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d3ec686a369fae5034303061f003cd3f94ddfd23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-401"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: dccp: Fix memory leak in dccp_feat_change_recv", "id": "2334579", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334579"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndccp: Fix memory leak in dccp_feat_change_recv\nIf dccp_feat_push_confirm() fails after new value for SP feature was accepted\nwithout reconciliation ('entry == NULL' branch), memory allocated for that value\nwith dccp_feat_clone_sp_val() is never freed.\nHere is the kmemleak stack for this:\nunreferenced object 0xffff88801d4ab488 (size 8):\ncomm \"syz-executor310\", pid 1127, jiffies 4295085598 (age 41.666s)\nhex dump (first 8 bytes):\n01 b4 4a 1d 80 88 ff ff ..J.....\nbacktrace:\n[<00000000db7cabfe>] kmemdup+0x23/0x50 mm/util.c:128\n[<0000000019b38405>] kmemdup include/linux/string.h:465 [inline]\n[<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:371 [inline]\n[<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:367 [inline]\n[<0000000019b38405>] dccp_feat_change_recv net/dccp/feat.c:1145 [inline]\n[<0000000019b38405>] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416\n[<00000000b1f6d94a>] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125\n[<0000000030d7b621>] dccp_rcv_state_process+0x197/0x13d0 net/dccp/input.c:650\n[<000000001f74c72e>] dccp_v4_do_rcv+0xf9/0x1a0 net/dccp/ipv4.c:688\n[<00000000a6c24128>] sk_backlog_rcv include/net/sock.h:1041 [inline]\n[<00000000a6c24128>] __release_sock+0x139/0x3b0 net/core/sock.c:2570\n[<00000000cf1f3a53>] release_sock+0x54/0x1b0 net/core/sock.c:3111\n[<000000008422fa23>] inet_wait_for_connect net/ipv4/af_inet.c:603 [inline]\n[<000000008422fa23>] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696\n[<0000000015b6f64d>] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735\n[<0000000010122488>] __sys_connect_file+0x15c/0x1a0 net/socket.c:1865\n[<00000000b4b70023>] __sys_connect+0x165/0x1a0 net/socket.c:1882\n[<00000000f4cb3815>] __do_sys_connect net/socket.c:1892 [inline]\n[<00000000f4cb3815>] __se_sys_connect net/socket.c:1889 [inline]\n[<00000000f4cb3815>] __x64_sys_connect+0x6e/0xb0 net/socket.c:1889\n[<00000000e7b1e839>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n[<0000000055e91434>] entry_SYSCALL_64_after_hwframe+0x67/0xd1\nClean up the allocated memory in case of dccp_feat_push_confirm() failure\nand bail out with an error reset code.\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."], "name": "CVE-2024-56643", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-56643\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-56643\nhttps://lore.kernel.org/linux-cve-announce/2024122737-CVE-2024-56643-8470@gregkh/T"], "threat_severity": "Moderate"}

{}