What is CVE-2024-56576?

CVE-2024-56576 is a Medium severity Linux kernel vulnerability with a CVSS score of 4.7 out of 10, classified as a Race Condition flaw (CWE-362), affecting Linux kernel versions from 4.13 onward and patched in 5.4.287, 5.10.231, 5.15.174 and others. CVE-2024-56576 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-56576?

CVE-2024-56576 has a CVSS score of 4.7 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-56576?

Yes, CVE-2024-56576 has been patched. Fixed versions include 5.4.287, 5.10.231, 5.15.174 and others. If you are running Linux kernel 4.13 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2024-56576 actively exploited?

CVE-2024-56576 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Race Condition (CWE-362)?

The product contains a code sequence that can run concurrently with other code, creating unexpected states. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/362.html

CVE-2024-56576

Medium

In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix crash in the probe error path when using polling If an error occurs in the probe() function, we should remove the polling timer that was alarmed earlier, otherwise the timer is called with arguments that are already freed, which results in a crash. ------------[ cut here ]------------ WARNING: CPU: 3 PID: 0 at kernel/time/timer.c:1830 __run_timers+0x244/0x268 Modules linked in: CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.11.0 #226 Hardware name: Diasom DS-RK3568-SOM-EVB (DT) pstate: 804000c9 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __run_timers+0x244/0x268 lr : __run_timers+0x1d4/0x268 sp : ffffff80eff2baf0 x29: ffffff80eff2bb50 x28: 7fffffffffffffff x27: ffffff80eff2bb00 x26: ffffffc080f669c0 x25: ffffff80efef6bf0 x24: ffffff80eff2bb00 x23: 0000000000000000 x22: dead000000000122 x21: 0000000000000000 x20: ffffff80efef6b80 x19: ffffff80041c8bf8 x18: ffffffffffffffff x17: ffffffc06f146000 x16: ffffff80eff27dc0 x15: 000000000000003e x14: 0000000000000000 x13: 00000000000054da x12: 0000000000000000 x11: 00000000000639c0 x10: 000000000000000c x9 : 0000000000000009 x8 : ffffff80eff2cb40 x7 : ffffff80eff2cb40 x6 : ffffff8002bee480 x5 : ffffffc080cb2220 x4 : ffffffc080cb2150 x3 : 00000000000f4240 x2 : 0000000000000102 x1 : ffffff80eff2bb00 x0 : ffffff80041c8bf0 Call trace: __run_timers+0x244/0x268 timer_expire_remote+0x50/0x68 tmigr_handle_remote+0x388/0x39c run_timer_softirq+0x38/0x44 handle_softirqs+0x138/0x298 __do_softirq+0x14/0x20 ____do_softirq+0x10/0x1c call_on_irq_stack+0x24/0x4c do_softirq_own_stack+0x1c/0x2c irq_exit_rcu+0x9c/0xcc el1_interrupt+0x48/0xc0 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x7c/0x80 default_idle_call+0x34/0x68 do_idle+0x23c/0x294 cpu_startup_entry+0x38/0x3c secondary_start_kernel+0x128/0x160 __secondary_switched+0xb8/0xbc ---[ end trace 0000000000000000 ]---

Package Linux Kernel

Published 2024-12-27

Last modified 2025-11-03

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

4.7

out of 10

Medium

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-362

CVE-2024-56576 is a Race Condition vulnerability

What is Race Condition?

The product contains a code sequence that can run concurrently with other code, creating unexpected states. Learn more on MITRE CWE

Affected versions

Linux kernel versions 4.13 and later are affected. Fixed in 5.4.287, 5.10.231, 5.15.174, 6.1.120, 6.6.64, 6.12.4, 6.13 and their respective stable series.

Affected from

≥ 4.13

Fixed in

✓ 5.4.287 5.4.x ✓ 5.10.231 5.10.x ✓ 5.15.174 5.15.x ✓ 6.1.120 6.1.x ✓ 6.6.64 6.6.x ✓ 6.12.4 6.12.x ✓ 6.13

References

The following references provide additional information about CVE-2024-56576 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
Debian Security
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Kernel patch commit
https://git.kernel.org/stable/c/13193a97ddd5a6a5b11408ddbc1ae85588b1860c
Patch
Kernel patch commit
https://git.kernel.org/stable/c/1def915b1564f4375330bd113ea1d768a569cfd8
Patch
Kernel patch commit
https://git.kernel.org/stable/c/34a3466a92f50c51d984f0ec2e96864886d460eb
Patch

7 patch commits total View all on NVD

Details

CVE ID CVE-2024-56576

Severity Medium

CVSS score 4.7 / 10

CVSS version 3.1

Published 2024-12-27

Modified 2025-11-03

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2024-56576?

CVE-2024-56576 is a Medium severity Linux kernel vulnerability with a CVSS score of 4.7 out of 10 , classified as a Race Condition flaw (CWE-362) . It affects Linux kernel versions from 4.13 onward and has been patched in 5.4.287, 5.10.231, 5.15.174 and others. CVE-2024-56576 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-56576?

CVE-2024-56576 has a CVSS score of 4.7 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-56576?

Yes — CVE-2024-56576 has been patched. Fixed versions include 5.4.287, 5.10.231, 5.15.174 and others. If you are running Linux kernel 4.13 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2024-56576 actively exploited?

No — CVE-2024-56576 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Race Condition (CWE-362)?

The product contains a code sequence that can run concurrently with other code, creating unexpected states. View CWE-362 on MITRE CWE →