Login Sign Up

CVE-2024-56602

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's IEEE 802.15.4 wireless networking subsystem allows attackers to potentially crash the kernel or execute arbitrary code. This affects systems using Linux kernel versions with the vulnerable code, particularly those with IEEE 802.15.4 (Zigbee, 6LoWPAN) networking enabled. The vulnerability occurs when socket creation fails but leaves a dangling pointer that can be exploited.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE, but patches exist for multiple stable branches
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if IEEE 802.15.4 subsystem is enabled/used (not common in most default configurations)

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash or local privilege escalation allowing full system compromise

🟠

Likely Case

Kernel crash causing denial of service on affected systems

🟢

If Mitigated

No impact if IEEE 802.15.4 is disabled or systems are patched

🌐 Internet-Facing: LOW - Requires local access or specific network configuration
🏢 Internal Only: MEDIUM - Local attackers could exploit if IEEE 802.15.4 is enabled

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires local access and specific conditions to trigger the use-after-free

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with commits: 03caa9bfb9fde97fb53d33decd7364514e6825cb and others listed in references

Vendor Advisory: https://git.kernel.org/stable/c/03caa9bfb9fde97fb53d33decd7364514e6825cb

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.

🔧 Temporary Workarounds

Disable IEEE 802.15.4 subsystem

linux

Prevent exploitation by disabling the vulnerable subsystem if not needed

modprobe -r mac802154
modprobe -r ieee802154
echo 'blacklist mac802154' >> /etc/modprobe.d/blacklist.conf
echo 'blacklist ieee802154' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Disable IEEE 802.15.4 kernel modules if not required for system functionality
  • Implement strict access controls to limit local user privileges and network access

🔍 How to Verify

Check if Vulnerable:

Check if IEEE 802.15.4 modules are loaded: lsmod | grep -E '(mac802154|ieee802154)'

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched releases from your distribution and verify modules are either updated or disabled

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • OOM killer messages related to networking
  • System crash dumps

Network Indicators:

  • Unusual IEEE 802.15.4 network activity if normally unused

SIEM Query:

kernel:panic OR kernel:Oops OR kernel:BUG AND (mac802154 OR ieee802154)

📊 Metadata

CVE ID: CVE-2024-56602
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: December 27, 2024
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-56602, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)