Login Sign Up

CVE-2024-44987

7.8 HIGH
Denial of Service

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's IPv6 implementation that allows local attackers to potentially crash the system or execute arbitrary code. It affects Linux systems with IPv6 enabled, requiring local access to exploit.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific affected versions not specified in CVE, but references indicate fixes in stable kernel trees. Likely affects multiple recent versions.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IPv6 to be enabled and local access. The vulnerability is in ip6_send_skb() function in net/ipv6/ip6_output.c.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level code execution, leading to complete system compromise.

🟠

Likely Case

Kernel panic or system crash causing denial of service.

🟢

If Mitigated

No impact if proper kernel patches are applied or IPv6 is disabled.

🌐 Internet-Facing: LOW - Requires local access, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers with user access could exploit to crash system or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of kernel exploitation techniques. The UAF occurs after ip6_local_out() returns without proper RCU lock protection.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel commits referenced: 24e93695b1239fbe4c31e224372be77f82dab69a, 571567e0277008459750f0728f246086b2659429, 9a3e55afa95ed4ac9eda112d4f918af645d72f25, af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011, cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e

Vendor Advisory: https://git.kernel.org/stable/c/24e93695b1239fbe4c31e224372be77f82dab69a

Restart Required: Yes

Instructions:

1. Update to latest stable kernel version from your distribution. 2. Apply specific kernel patches if available. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable IPv6

linux

Disable IPv6 functionality to prevent exploitation of this vulnerability

echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
sysctl -w net.ipv6.conf.all.disable_ipv6=1

🧯 If You Can't Patch

  • Restrict local user access to prevent potential exploitation
  • Implement strict network segmentation to limit attack surface

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions from kernel.org stable trees

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update and check that IPv6 functions normally

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KASAN reports of use-after-free in ip6_send_skb
  • System crashes related to IPv6 operations

Network Indicators:

  • Unusual local IPv6 socket operations

SIEM Query:

kernel: *ip6_send_skb* OR *KASAN: slab-use-after-free* OR kernel panic

📊 Metadata

CVE ID: CVE-2024-44987
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: September 4, 2024
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-44987, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)