CVE-2024-56658

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's network namespace subsystem where a freed network structure can be accessed during cleanup, potentially leading to kernel memory corruption. It affects Linux systems using network namespaces, particularly those with IPv4/IPv6 forwarding or XFRM policies enabled. The vulnerability can be triggered during network namespace teardown operations.

💻 Affected Systems

Products:
  • Linux kernel
Versions: The CVE does not state specific affected versions explicitly; it references stable kernel commits from 2024, so multiple recent kernel versions before the fixes are likely affected.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires network namespace usage (common in containerized environments, virtualization). IPv4/IPv6 forwarding or XFRM policies increase exposure.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic, system crash, or potential privilege escalation leading to full system compromise if an attacker can trigger controlled memory corruption.

🟠 Likely Case: System instability, kernel crashes, or denial of service affecting network functionality.

🟢 If Mitigated: Limited impact if network namespaces are not used or if systems are patched before exploitation attempts.

🌐 Internet-Facing: MEDIUM - Requires specific conditions (network namespace operations) but could affect servers with containerization or virtualization.
🏢 Internal Only: MEDIUM - Similar risk profile; exploitation requires kernel-level access or ability to manipulate network namespaces.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires kernel-level access and ability to manipulate network namespace teardown.

Exploitation requires triggering specific cleanup sequences; no public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits: 0f6ede9fbc747e2553612271bce108f7517e7a45, 3267b254dc0a04dfa362a2be24573cfa6d2d78f5, 6610c7f8a8d47fd1123eed55ba8c11c2444d8842, b7a79e51297f7b82adb687086f5cb2da446f1e40, c261dcd61c9e88a8f1a66654354d32295a975230

Vendor Advisory: https://git.kernel.org/stable/c/0f6ede9fbc747e2553612271bce108f7517e7a45

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a patched version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify that the running kernel version matches the patched release.

🔧 Temporary Workarounds

Disable network namespaces (linux)

Prevent creation of new network namespaces to reduce attack surface. This also blocks container runtimes and any other legitimate user of network namespaces on the host, and a write to /proc/sys does not persist across reboots unless the setting is made permanent in the sysctl configuration.

echo 0 > /proc/sys/user/max_net_namespaces

Limit network namespace usage (linux)

Cap the number of network namespaces that can be created. This sysctl limits the count per user namespace; it does not by itself restrict which users may create namespaces, so combine it with access controls on namespace-creating tools.

sysctl -w user.max_net_namespaces=1

🧯 If You Can't Patch

  • Isolate systems using network namespaces to minimize blast radius.
  • Implement strict access controls to prevent unauthorized users from creating/manipulating network namespaces.

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and compare it with the patched versions from your distribution vendor; then determine whether the system uses network namespaces (check with 'ip netns list' or your container runtime). Note that 'ip netns list' only shows namespaces registered under /var/run/netns, which container runtimes often do not do; 'lsns -t net' lists every network namespace with a live process.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes one of the fix commits; test network namespace creation/destruction for stability.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs mentioning 'slab-use-after-free', 'dst_destroy', or 'netns'
  • System crashes during network namespace operations

Network Indicators:

  • Unexpected network namespace teardown events
  • Container or virtualization platform instability

SIEM Query:

source="kernel" AND ("slab-use-after-free" OR "dst_destroy" OR "netns")
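As an added example that is not part of this advisory, the following Python groups the multi-line KASAN report that a 'slab-use-after-free' produces into a record holding the faulting function, the faulting call trace and the freeing stack, and flags the record when netns teardown symbols appear in it; it also counts the lines the keyword query above would flag, which shows that a bare "netns" term fires on unrelated log lines. The sample log is constructed, and every symbol name except dst_destroy is an assumption made for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of a KASAN report (not a real capture);
# every symbol except dst_destroy is assumed for illustration.
SAMPLE_LOG = """\
[  120.401] BUG: KASAN: slab-use-after-free in dst_destroy+0x1a0/0x2c0
[  120.402] Read of size 8 at addr ffff888010a0b000 by task kworker/u8:1/42
[  120.403] Call Trace:
[  120.404]  dst_destroy+0x1a0/0x2c0
[  120.404]  rcu_do_batch+0x2f0/0x600
[  120.407] Freed by task 1337:
[  120.407]  net_free+0x6c/0xb0
[  120.408]  cleanup_net+0x55b/0x8b0
[  130.000] Processor 3 is under a netns-heavy workload, nothing wrong here
"""
NAIVE_QUERY = ("slab-use-after-free", "dst_destroy", "netns")  # the page's SIEM terms
NETNS_TEARDOWN = {"cleanup_net", "net_free", "dst_destroy"}    # assumed symbol set
SECTIONS = {"Call Trace:": "trace", "Allocated by task": "alloc", "Freed by task": "freed"}
_BUG = re.compile(r"BUG: KASAN: (\S+) in (\w+)\+0x")
_FRAME = re.compile(r"^\s+(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+$")

@dataclass
class KasanReport:
    bug_type: str
    fault_func: str
    trace: list = field(default_factory=list)     # frames of the faulting access
    freed_by: list = field(default_factory=list)  # frames of the earlier free

    def netns_related(self) -> bool:
        return bool(NETNS_TEARDOWN & set(self.trace + self.freed_by + [self.fault_func]))

def parse_kasan_reports(text: str) -> list:
    """Group multi-line KASAN reports into records; unrelated lines are ignored."""
    reports, cur, section = [], None, None
    for raw in text.splitlines():
        line = re.sub(r"^\[\s*\d+\.\d+\]\s?", "", raw)  # drop the dmesg timestamp
        if m := _BUG.search(line):
            cur = KasanReport(m.group(1), m.group(2))
            reports.append(cur)
            section = None
        elif cur is None:
            continue
        elif hdr := [s for h, s in SECTIONS.items() if line.startswith(h)]:
            section = hdr[0]
        elif (f := _FRAME.match(line)) and section in ("trace", "freed"):
            getattr(cur, "trace" if section == "trace" else "freed_by").append(f.group(1))
    return reports

def naive_hits(text: str) -> int:  # lines the page's keyword query would flag
    return sum(any(t in line for t in NAIVE_QUERY) for line in text.splitlines())
```

Running it on the constructed sample yields one structured report that is netns-related, while the keyword query flags three separate lines, including the benign one.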
