{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu16.04els/vex/2024/cve-2024-56642-els_os-ubuntu16_04els.json" } ], "title": "Security update on CVE-2024-56642", "tracking": { "current_release_date": "2025-12-23T22:15:38Z", "generator": { "date": "2025-12-23T22:15:38Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2024-56642-ELS_OS-UBUNTU16.04ELS", "initial_release_date": "2024-12-27T15:15:00Z", "revision_history": [ { "date": "2024-12-27T15:15:00Z", "number": "1", "summary": "Initial version" }, { "date": "2025-06-10T09:38:30Z", "number": "2", "summary": "Official Publication" }, { "date": "2025-12-23T22:15:38Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Ubuntu 16.04", "product": { "name": "Ubuntu 16.04", "product_id": "Ubuntu-16", "product_identification_helper": { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" } } } ], "category": "product_family", "name": "Ubuntu" } ], "category": "vendor", "name": "Canonical Ltd." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64", "product": { "name": "linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64", "product_id": "linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-4.4.0-275-tuxcare.els46@4.4.0-275.309?arch=amd64" } } }, { "category": "product_version", "name": "linux-libc-dev-0:4.4.0-275.309.amd64", "product": { "name": "linux-libc-dev-0:4.4.0-275.309.amd64", "product_id": "linux-libc-dev-0:4.4.0-275.309.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-libc-dev@4.4.0-275.309?arch=amd64" } } }, { "category": "product_version", "name": "linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64", "product": { "name": "linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64", "product_id": "linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-4.4.0-275-tuxcare.els46-lowlatency@4.4.0-275.309?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64", "product": { "name": "linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64", "product_id": "linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-modules-4.4.0-275-tuxcare.els46-generic@4.4.0-275.309?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64", "product": { "name": "linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64", "product_id": "linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-modules-extra-4.4.0-275-tuxcare.els46-generic@4.4.0-275.309?arch=amd64" } } }, { "category": "product_version", "name": "linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64", "product": { "name": "linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64", "product_id": "linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-headers-4.4.0-275-tuxcare.els46-lowlatency@4.4.0-275.309?arch=amd64" } } }, { "category": "product_version", "name": "linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64", "product": { "name": "linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64", "product_id": "linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency@4.4.0-275.309?arch=amd64" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "linux-tools-host-0:4.4.0-275.309.all", "product": { "name": "linux-tools-host-0:4.4.0-275.309.all", "product_id": "linux-tools-host-0:4.4.0-275.309.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-host@4.4.0-275.309?arch=all" } } }, { "category": "product_version", "name": "linux-source-4.4.0-0:4.4.0-275.309.all", "product": { "name": "linux-source-4.4.0-0:4.4.0-275.309.all", "product_id": "linux-source-4.4.0-0:4.4.0-275.309.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-source-4.4.0@4.4.0-275.309?arch=all" } } }, { "category": "product_version", "name": "linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all", "product": { "name": "linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all", "product_id": "linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-headers-4.4.0-275-tuxcare.els46@4.4.0-275.309?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64" }, "product_reference": "linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-libc-dev-0:4.4.0-275.309.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-libc-dev-0:4.4.0-275.309.amd64" }, "product_reference": "linux-libc-dev-0:4.4.0-275.309.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64" }, "product_reference": "linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64" }, "product_reference": "linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64" }, "product_reference": "linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-host-0:4.4.0-275.309.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-tools-host-0:4.4.0-275.309.all" }, "product_reference": "linux-tools-host-0:4.4.0-275.309.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-source-4.4.0-0:4.4.0-275.309.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-source-4.4.0-0:4.4.0-275.309.all" }, "product_reference": "linux-source-4.4.0-0:4.4.0-275.309.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all" }, "product_reference": "linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64" }, "product_reference": "linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64" }, "product_reference": "linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64", "relates_to_product_reference": "Ubuntu-16" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-56642", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Fix use-after-free of kernel socket in cleanup_bearer().\n\nsyzkaller reported a use-after-free of UDP kernel socket\nin cleanup_bearer() without repro. [0][1]\n\nWhen bearer_disable() calls tipc_udp_disable(), cleanup\nof the UDP kernel socket is deferred by work calling\ncleanup_bearer().\n\ntipc_exit_net() waits for such works to finish by checking\ntipc_net(net)->wq_count. However, the work decrements the\ncount too early before releasing the kernel socket,\nunblocking cleanup_net() and resulting in use-after-free.\n\nLet's move the decrement after releasing the socket in\ncleanup_bearer().\n\n[0]:\nref_tracker: net notrefcnt@000000009b3d1faf has 1/1 users at\n sk_alloc+0x438/0x608\n inet_create+0x4c8/0xcb0\n __sock_create+0x350/0x6b8\n sock_create_kern+0x58/0x78\n udp_sock_create4+0x68/0x398\n udp_sock_create+0x88/0xc8\n tipc_udp_enable+0x5e8/0x848\n __tipc_nl_bearer_enable+0x84c/0xed8\n tipc_nl_bearer_enable+0x38/0x60\n genl_family_rcv_msg_doit+0x170/0x248\n genl_rcv_msg+0x400/0x5b0\n netlink_rcv_skb+0x1dc/0x398\n genl_rcv+0x44/0x68\n netlink_unicast+0x678/0x8b0\n netlink_sendmsg+0x5e4/0x898\n ____sys_sendmsg+0x500/0x830\n\n[1]:\nBUG: KMSAN: use-after-free in udp_hashslot include/net/udp.h:85 [inline]\nBUG: KMSAN: use-after-free in udp_lib_unhash+0x3b8/0x930 net/ipv4/udp.c:1979\n udp_hashslot include/net/udp.h:85 [inline]\n udp_lib_unhash+0x3b8/0x930 net/ipv4/udp.c:1979\n sk_common_release+0xaf/0x3f0 net/core/sock.c:3820\n inet_release+0x1e0/0x260 net/ipv4/af_inet.c:437\n inet6_release+0x6f/0xd0 net/ipv6/af_inet6.c:489\n __sock_release net/socket.c:658 [inline]\n sock_release+0xa0/0x210 net/socket.c:686\n cleanup_bearer+0x42d/0x4c0 net/tipc/udp_media.c:819\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xcaf/0x1c90 kernel/workqueue.c:3310\n worker_thread+0xf6c/0x1510 kernel/workqueue.c:3391\n kthread+0x531/0x6b0 kernel/kthread.c:389\n ret_from_fork+0x60/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244\n\nUninit was created at:\n slab_free_hook mm/slub.c:2269 [inline]\n slab_free mm/slub.c:4580 [inline]\n kmem_cache_free+0x207/0xc40 mm/slub.c:4682\n net_free net/core/net_namespace.c:454 [inline]\n cleanup_net+0x16f2/0x19d0 net/core/net_namespace.c:647\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xcaf/0x1c90 kernel/workqueue.c:3310\n worker_thread+0xf6c/0x1510 kernel/workqueue.c:3391\n kthread+0x531/0x6b0 kernel/kthread.c:389\n ret_from_fork+0x60/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/0:2 Not tainted 6.12.0-rc1-00131-gf66ebf37d69c #7 91723d6f74857f70725e1583cba3cf4adc716cfa\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: events cleanup_bearer", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-275.309.amd64", "Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64", "Ubuntu-16:linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-275.309.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-275.309.all", "Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all", "Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-56642" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4e69457f9dfae67435f3ccf29008768eae860415", "url": "https://git.kernel.org/stable/c/4e69457f9dfae67435f3ccf29008768eae860415" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/650ee9a22d7a2de8999fac2d45983597a0c22359", "url": "https://git.kernel.org/stable/c/650ee9a22d7a2de8999fac2d45983597a0c22359" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6a2fa13312e51a621f652d522d7e2df7066330b6", "url": "https://git.kernel.org/stable/c/6a2fa13312e51a621f652d522d7e2df7066330b6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d00d4470bf8c4282617a3a10e76b20a9c7e4cffa", "url": "https://git.kernel.org/stable/c/d00d4470bf8c4282617a3a10e76b20a9c7e4cffa" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d2a4894f238551eae178904e7f45af87577074fd", "url": "https://git.kernel.org/stable/c/d2a4894f238551eae178904e7f45af87577074fd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d62d5180c036eeac09f80660edc7a602b369125f", "url": "https://git.kernel.org/stable/c/d62d5180c036eeac09f80660edc7a602b369125f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e48b211c4c59062cb6dd6c2c37c51a7cc235a464", "url": "https://git.kernel.org/stable/c/e48b211c4c59062cb6dd6c2c37c51a7cc235a464" } ], "release_date": "2024-12-27T15:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-275.309.amd64", "Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64", "Ubuntu-16:linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-275.309.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-275.309.all", "Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all", "Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }