
CVE-2024-56651

Published: Dec 27, 2024

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved:

can: hi311x: hi3110_can_ist(): fix potential use-after-free

The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr during bus-off") removed the reporting of rxerr and txerr even in case of correct operation (i.e. not bus-off).

The error count information added to the CAN frame after netif_rx() is a potential use after free, since there is no guarantee that the skb is in the same state. It might be freed or reused.

Fix the issue by postponing the netif_rx() call in case of txerr and rxerr reporting.
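The ordering problem described above, as an added user-space model (not the driver's code and not part of the original record). All names here (`model_frame`, `model_rx`, `set_err_counters`, `report_unsafe`, `report_fixed`) are hypothetical, and an ownership flag stands in for the skb being freed or reused after netif_rx().

```c
/* User-space model of the hand-off ordering; hypothetical names, not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum owner { OWNER_DRIVER, OWNER_STACK };
struct model_frame {
    enum owner owner;  /* who may still touch the buffer */
    uint8_t data[8];   /* model layout: data[6] = txerr, data[7] = rxerr */
};
static uint8_t delivered[8];  /* snapshot of what the stack received */

/* Stand-in for netif_rx(): ownership passes to the stack, which may
 * free or reuse the buffer at any time afterwards. */
static void model_rx(struct model_frame *f)
{
    memcpy(delivered, f->data, sizeof(delivered));
    f->owner = OWNER_STACK;
}

/* Checked write: returns -1 where the kernel would have a use-after-free. */
static int set_err_counters(struct model_frame *f, uint8_t txerr, uint8_t rxerr)
{
    if (f->owner != OWNER_DRIVER)
        return -1;
    f->data[6] = txerr;
    f->data[7] = rxerr;
    return 0;
}

/* Ordering the description calls unsafe: hand off first, write afterwards. */
static int report_unsafe(uint8_t txerr, uint8_t rxerr)
{
    struct model_frame f = { OWNER_DRIVER, {0} };
    model_rx(&f);
    return set_err_counters(&f, txerr, rxerr);
}

/* Ordering of the fix: fill in the counters, hand off last. */
static int report_fixed(uint8_t txerr, uint8_t rxerr)
{
    struct model_frame f = { OWNER_DRIVER, {0} };
    int rc = set_err_counters(&f, txerr, rxerr);
    model_rx(&f);
    return rc;
}

int main(void)
{
    printf("unsafe=%d fixed=%d\n", report_unsafe(3, 5), report_fixed(3, 5));
    return 0;
}
```

In the unsafe ordering the stack's snapshot never contains the counters, so besides the memory-safety problem the reported values would be unreliable.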

Vendor: Linux
Product: Linux
Versions (git commits):

affected: a22bd630cfff496b270211745536e50e98eb3a45 - < 4ad77eb8f2e07bcfa0e28887d3c7dbb732d92cc1
affected: a22bd630cfff496b270211745536e50e98eb3a45 - < 1128022009444faf49359bd406cd665b177cb643
affected: a22bd630cfff496b270211745536e50e98eb3a45 - < bc30b2fe8c54694f8ae08a5b8a5d174d16d93075
affected: a22bd630cfff496b270211745536e50e98eb3a45 - < 9ad86d377ef4a19c75a9c639964879a5b25a433b
affected: 303733fdab728d34708014b3096dc69ebae6e531

+13 more versions

Vendor: Linux
Product: Linux
Versions (kernel releases):

affected: 6.0
unaffected: 0 - < 6.0
unaffected: 6.1.120 - <= 6.1.*
unaffected: 6.6.66 - <= 6.6.*
unaffected: 6.12.5 - <= 6.12.*

+1 more versions
