CVE-2024-56556

High

In the Linux kernel, the following vulnerability has been resolved: binder: fix node UAF in binder_add_freeze_work() In binder_add_freeze_work() we iterate over the proc->nodes with the proc->inner_lock held. However, this lock is temporarily dropped in order to acquire the node->lock first (lock nesting order). This can race with binder_node_release() and trigger a use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c Write of size 4 at addr ffff53c04c29dd04 by task freeze/640 CPU: 5 UID: 0 PID: 640 Comm: freeze Not tainted 6.11.0-07343-ga727812a8d45 #17 Hardware name: linux,dummy-virt (DT) Call trace: _raw_spin_lock+0xe4/0x19c binder_add_freeze_work+0x148/0x478 binder_ioctl+0x1e70/0x25ac __arm64_sys_ioctl+0x124/0x190 Allocated by task 637: __kmalloc_cache_noprof+0x12c/0x27c binder_new_node+0x50/0x700 binder_transaction+0x35ac/0x6f74 binder_thread_write+0xfb8/0x42a0 binder_ioctl+0x18f0/0x25ac __arm64_sys_ioctl+0x124/0x190 Freed by task 637: kfree+0xf0/0x330 binder_thread_read+0x1e88/0x3a68 binder_ioctl+0x16d8/0x25ac __arm64_sys_ioctl+0x124/0x190 ================================================================== Fix the race by taking a temporary reference on the node before releasing the proc->inner lock. This ensures the node remains alive while in use.

Package Linux Kernel
Published 2024-12-27
Last modified 2025-02-10
CVSS version 3.1
Patch available
Yes

CVSS 3.1 score

7.0

out of 10
High
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness type

CWE-362

CVE-2024-56556 is a Race Condition vulnerability

What is Race Condition?

The product contains a code sequence that can run concurrently with other code, creating unexpected states. Learn more on MITRE CWE

Affected versions

Linux kernel versions 6.12 and later are affected. Fixed in 6.12.4, 6.13 and their respective stable series.

Affected from
≥ 6.12
Fixed in
✓ 6.12.4 6.12.x ✓ 6.13

References

The following references provide additional information about CVE-2024-56556 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Frequently asked questions

  • What is CVE-2024-56556?

    CVE-2024-56556 is a High severity Linux kernel vulnerability with a CVSS score of 7.0 out of 10 , classified as a Race Condition flaw (CWE-362) . It affects Linux kernel versions from 6.12 onward and has been patched in 6.12.4 and 6.13. CVE-2024-56556 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • What is the CVSS score for CVE-2024-56556?

    CVE-2024-56556 has a CVSS score of 7.0 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H .

  • Is there a patch available for CVE-2024-56556?

    Yes — CVE-2024-56556 has been patched. Fixed versions include 6.12.4 and 6.13. If you are running Linux kernel 6.12 or later up to the fix versions, apply the relevant patch for your kernel branch.

  • Is CVE-2024-56556 actively exploited?

    No — CVE-2024-56556 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

  • What is Race Condition (CWE-362)?

    The product contains a code sequence that can run concurrently with other code, creating unexpected states. View CWE-362 on MITRE CWE →

Back to
All CVEs
View on
NVD / NIST