Description

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110_can_ist(): fix potential use-after-free The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr during bus-off") removed the reporting of rxerr and txerr even in case of correct operation (i. e. not bus-off). The error count information added to the CAN frame after netif_rx() is a potential use after free, since there is no guarantee that the skb is in the same state. It might be freed or reused. Fix the issue by postponing the netif_rx() call in case of txerr and rxerr reporting.

INFO

Published Date :

2024-12-27T15:02:50.759Z

Last Modified :

2025-11-03T20:51:58.194Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-56651 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-56651.

URL Resource
https://git.kernel.org/stable/c/1128022009444faf49359bd406cd665b177cb643 cve-icon cve-icon
https://git.kernel.org/stable/c/4ad77eb8f2e07bcfa0e28887d3c7dbb732d92cc1 cve-icon cve-icon
https://git.kernel.org/stable/c/9ad86d377ef4a19c75a9c639964879a5b25a433b cve-icon cve-icon
https://git.kernel.org/stable/c/bc30b2fe8c54694f8ae08a5b8a5d174d16d93075 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024122740-CVE-2024-56651-2d22@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-56651 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-56651 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact