CVE-2024-56651

can: hi311x: hi3110_can_ist(): fix potential use-after-free

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110_can_ist(): fix potential use-after-free The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr
during bus-off") removed the reporting of rxerr and txerr even in case
of correct operation (i. e. not bus-off). The error count information added to the CAN frame after netif_rx() is
a potential use after free, since there is no guarantee that the skb
is in the same state. It might be freed or reused. Fix the issue by postponing the netif_rx() call in case of txerr and
rxerr reporting.

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110_can_ist(): fix potential use-after-free The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr during bus-off") removed the reporting of rxerr and txerr even in case of correct operation (i. e. not bus-off). The error count information added to the CAN frame after netif_rx() is a potential use after free, since there is no guarantee that the skb is in the same state. It might be freed or reused. Fix the issue by postponing the netif_rx() call in case of txerr and rxerr reporting.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-12-27 CVE Reserved
2024-12-27 CVE Published
2025-02-11 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/a22bd630cfff496b270211745536e50e98eb3a45	Vuln. Introduced
https://git.kernel.org/stable/c/303733fdab728d34708014b3096dc69ebae6e531	Vuln. Introduced
https://git.kernel.org/stable/c/410054f1cf75378a6f009359e5952a240102a1a2	Vuln. Introduced
https://git.kernel.org/stable/c/d20bf7e76136fd4c1e47502a1f5773f2290013ed	Vuln. Introduced
https://git.kernel.org/stable/c/22e382d47de09e865a9214cc5c9f99256e65deaa	Vuln. Introduced
https://git.kernel.org/stable/c/dcfcd5fc999b1eb7946de1fd031bc3aaf224c5ae	Vuln. Introduced
https://git.kernel.org/stable/c/330b0ac34beec4fef8b002549af5bc6d0b6f0836	Vuln. Introduced
https://git.kernel.org/stable/c/f3d865a6b791abbc874739ed702ae64ad2607511	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/4ad77eb8f2e07bcfa0e28887d3c7dbb732d92cc1	2024-12-14
https://git.kernel.org/stable/c/1128022009444faf49359bd406cd665b177cb643	2024-12-14
https://git.kernel.org/stable/c/bc30b2fe8c54694f8ae08a5b8a5d174d16d93075	2024-12-14
https://git.kernel.org/stable/c/9ad86d377ef4a19c75a9c639964879a5b25a433b	2024-11-26

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.1.120 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.1.120"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.6.66 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.6.66"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.12.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.12.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.14.291 Search vendor "Linux" for product "Linux Kernel" and version "4.14.291"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.19.256 Search vendor "Linux" for product "Linux Kernel" and version "4.19.256"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.4.211 Search vendor "Linux" for product "Linux Kernel" and version "5.4.211"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.10.137 Search vendor "Linux" for product "Linux Kernel" and version "5.10.137"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.15.61 Search vendor "Linux" for product "Linux Kernel" and version "5.15.61"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.18.18 Search vendor "Linux" for product "Linux Kernel" and version "5.18.18"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.19.2 Search vendor "Linux" for product "Linux Kernel" and version "5.19.2"		en		Affected