CVE-2024-56772

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's KUnit testing framework. When alloc_string_stream() fails during test suite initialization, the system fails to properly nullify a freed pointer, leading to memory corruption when later accessed. This affects systems running vulnerable Linux kernel versions with KUnit enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable versions not explicitly stated, but patches available for stable branches. Check kernel commit history for exact ranges.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when KUnit testing framework is enabled and being used. Most production systems likely have KUnit disabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and denial of service, potentially allowing local privilege escalation if combined with other vulnerabilities.

🟠 Likely Case

Kernel panic and system crash when loading kernel modules with KUnit tests, causing denial of service.

🟢 If Mitigated

No impact if KUnit is disabled or the system is patched.

🌐 Internet-Facing: LOW - Requires local access or ability to load kernel modules.
🏢 Internal Only: MEDIUM - Local users or processes with module loading privileges could crash the system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to load kernel modules or trigger KUnit test execution. Not remotely exploitable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees. Check specific distribution kernels for backports.

Vendor Advisory: https://git.kernel.org/stable/c/3213b92754b94dec6836e8b4d6ec7d224a805b61

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution.
2. Rebuild kernel if compiling from source with the fix.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable KUnit

all

Disable KUnit testing framework in kernel configuration to prevent vulnerability trigger.

Disable CONFIG_KUNIT in kernel config and rebuild kernel

🧯 If You Can't Patch

  • Disable KUnit module loading via kernel module blacklisting.
  • Restrict kernel module loading to trusted users only via sysctl settings.

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether KUnit is enabled. Vulnerable if using an affected kernel with KUnit enabled.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to include the fix commit 3213b92754b94dec6836e8b4d6ec7d224a805b61.
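
One way to carry out the "is KUnit enabled" half of this check, as an added example that is not part of the advisory or the kernel project: it reads a kernel config and a loaded-module list and reports whether KUnit is present, loadable, or absent. The function names are hypothetical, the config paths are the common distribution locations (an assumption), and the result says nothing about whether the fix commit is included.

```shell
#!/bin/sh
# Added example (not from the advisory): report how KUnit is configured.

# kunit_state FILE -> builtin | module | disabled
# FILE is a kernel config, plain text or gzip (e.g. /proc/config.gz).
kunit_state() {
    case $1 in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    # Exact symbol only, so CONFIG_KUNIT_TEST and friends do not match.
    line=$($reader "$1" | grep -E '^CONFIG_KUNIT=[ym]$' | head -n 1)
    case $line in
        CONFIG_KUNIT=y) echo builtin ;;
        CONFIG_KUNIT=m) echo module ;;
        *)              echo disabled ;;
    esac
}

# kunit_loaded FILE -> exit 0 if a module named "kunit" is listed.
# FILE uses the /proc/modules layout: the module name is the first field.
kunit_loaded() {
    awk '$1 == "kunit" { found = 1 } END { exit !found }' "$1"
}

# kunit_exposure CONFIG MODULES -> present | loadable | absent
kunit_exposure() {
    case $(kunit_state "$1") in
        builtin) echo present ;;
        module)  if kunit_loaded "$2"; then echo present; else echo loadable; fi ;;
        *)       echo absent ;;
    esac
}

# Common config locations (assumption: the distribution ships one of them).
for cfg in "/boot/config-$(uname -r)" /proc/config.gz; do
    if [ -r "$cfg" ] && [ -r /proc/modules ]; then
        echo "$(uname -r): KUnit $(kunit_exposure "$cfg" /proc/modules)"
        break
    fi
done
```

A result of "loadable" means KUnit is built as a module but not currently loaded, which is the case the module-loading restrictions under "If You Can't Patch" address.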

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs with 'string_stream_clear' in call trace
  • OOM or memory corruption errors during module loading

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Search for kernel panic events with 'string_stream_clear' or 'UAF' in kernel logs.
