CVERadar

CVE-2024-56615

Critical Severity
Linux
SVRS: 75/100
CVSSv3: 7.8/10
EPSS: 0.00029/1

CVE-2024-56615 is an out-of-bounds write vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) subsystem, specifically affecting devmap. The flaw arises during element deletion, where a signed integer used for accessing map entries can lead to writes beyond allocated memory boundaries. When the map is released via dev_map_free(), the iterator variable, also a signed integer, can cause similar out-of-bounds accesses. The CVSS score is 7.8 (High), and the SOCRadar Vulnerability Risk Score (SVRS) is 75, which indicates a serious, near-critical level of risk because of reported exploits in the wild. Exploitation could lead to kernel crashes (as demonstrated by the provided splat) or potentially arbitrary code execution, making timely patching critical. Update your Linux kernel to the latest stable version to mitigate this flaw.

In The Wild
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2024-12-27

2025-01-20
SOCRadar
AI Insight

Description

CVE-2024-56615 is a vulnerability affecting the Linux kernel's BPF (Berkeley Packet Filter) functionality. This vulnerability stems from an out-of-bounds (OOB) write issue within the dev_map_free() function. When deleting elements from the devmap, the index used to access map entries can potentially exceed the valid range due to being a signed integer. This leads to unintended writes outside the designated memory area, potentially causing a system crash or allowing attackers to gain control over the system.
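
The signed-index problem described above, as an added userspace model (not kernel code and not taken from this page): it computes the byte offset a map slot access would use when the user-supplied key is held in a signed int versus an unsigned one. The function names, the 8-byte slot size, 32-bit `int`, and the bounds check against an unsigned entry count are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define SLOT_SIZE 8          /* assumed: one pointer-sized slot per entry */
#define REJECTED  INT64_MIN  /* sentinel: key failed the bounds check */

/* Signed pattern: the key is kept in an int before it is used as an index. */
static int64_t slot_offset_signed(uint32_t key, uint32_t max_entries)
{
    int k = (int)key;                /* keys above INT_MAX wrap negative on gcc/clang */
    if ((uint32_t)k >= max_entries)  /* int vs unsigned compares as unsigned in C */
        return REJECTED;
    return (int64_t)k * SLOT_SIZE;   /* array indexing sign-extends k */
}

/* Hardened pattern: the index stays unsigned from check to use. */
static int64_t slot_offset_unsigned(uint32_t key, uint32_t max_entries)
{
    uint32_t k = key;
    if (k >= max_entries)
        return REJECTED;
    return (int64_t)k * SLOT_SIZE;
}

/* True when the offset lies inside an array of max_entries slots. */
static int in_bounds(int64_t off, uint32_t max_entries)
{
    return off >= 0 && off < (int64_t)max_entries * SLOT_SIZE;
}

int main(void)
{
    /* Constructed inputs: a small map, and a map with more than INT_MAX entries. */
    const uint32_t cases[][2] = {
        { 5u, 16u }, { 0x80000000u, 16u }, { 0x80000000u, 0x80000001u },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t key = cases[i][0], max = cases[i][1];
        int64_t s = slot_offset_signed(key, max);
        int64_t u = slot_offset_unsigned(key, max);
        printf("key=%#x max=%#x signed:%s unsigned:%s\n", key, max,
               s == REJECTED ? "rejected" : in_bounds(s, max) ? "in bounds" : "OUT OF BOUNDS",
               u == REJECTED ? "rejected" : in_bounds(u, max) ? "in bounds" : "OUT OF BOUNDS");
    }
    return 0;
}
```

In this model both variants agree on a small map; they diverge only when the entry count exceeds `INT_MAX`, where the signed index passes the check but resolves to a negative offset in front of the array.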

The SVRS (SOCRadar Vulnerability Risk Score) for CVE-2024-56615 is 70, which signifies a high severity vulnerability. This score indicates the vulnerability's potential for exploitation and impact.

Key Insights

  • Exploitation: CVE-2024-56615 is classified as "In The Wild," meaning malicious actors are actively exploiting this vulnerability. This underscores the urgency to address it.
  • Impact: Exploitation of this vulnerability could lead to system crashes, denial-of-service attacks, and potentially even remote code execution, allowing attackers to gain control of the compromised system.
  • System-Wide Vulnerability: The vulnerability affects the Linux kernel, meaning any system running a vulnerable version of the kernel is at risk.
  • Limited Mitigation: While the initial fix involved changing data types to prevent the OOB writes, it might require system-level updates and reboots.

Mitigation Strategies

  • Immediate Patching: Implement the official patch released by the Linux kernel developers. This involves updating the kernel to the latest version or applying the necessary security patches.
  • System-wide Updates: Regularly scan and update all systems running vulnerable versions of the Linux kernel to ensure all systems are patched.
  • Network Segmentation: Implement network segmentation to isolate potentially vulnerable systems, limiting the impact if an exploit is successful.
  • Threat Intelligence: Utilize threat intelligence resources from organizations like SOCRadar to stay informed about new exploits and attack vectors related to CVE-2024-56615.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

USN-7428-1: Linux kernel vulnerabilities
2025-04-09
USN-7428-1: Linux kernel vulnerabilities | Demi Marie Obenour and Simon Gaiser discovered that several Xen para- virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest. (CVE-2022-23041) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - HID subsystem; - Network drivers; - Mellanox network drivers; - SCSI subsystem; - SuperH / SH-Mobile
ubuntu.com
USN-7428-2: Linux kernel (FIPS) vulnerabilities
2025-04-09
USN-7428-2: Linux kernel (FIPS) vulnerabilities | Demi Marie Obenour and Simon Gaiser discovered that several Xen para- virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest. (CVE-2022-23041) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - HID subsystem; - Network drivers; - Mellanox network drivers; - SCSI subsystem; - SuperH / SH
ubuntu.com
USN-7421-1: Linux kernel (Azure) vulnerabilities
2025-04-07
USN-7421-1: Linux kernel (Azure) vulnerabilities | Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Drivers core; - RAM backed block device driver; - Virtio block driver; - Data acquisition framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - ARM SCPI message protocol; - GPIO subsystem; - GPU drivers; - HID subsystem; - Microsoft Hyper-V drivers; - I3C
ubuntu.com
USN-7407-1: Linux kernel (HWE) vulnerabilities
2025-04-02
USN-7407-1: Linux kernel (HWE) vulnerabilities | Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Drivers core; - RAM backed block device driver; - Virtio block driver; - Data acquisition framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - ARM SCPI message protocol; - GPIO subsystem; - GPU drivers; - HID subsystem; - Microsoft Hyper-V drivers; - I3C
ubuntu.com
USN-7379-2: Linux kernel (Raspberry Pi) vulnerabilities
2025-04-01
USN-7379-2: Linux kernel (Raspberry Pi) vulnerabilities | Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers; - Drivers core; - Ublk userspace block driver; - Virtio block driver; - Bluetooth drivers; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - EFI core; - GPIO subsystem; - GPU drivers; - HID subsystem; - Microsoft Hyper-V drivers; - Hardware monitoring drivers; - I3C subsystem; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - IOMMU
ubuntu.com
USN-7392-3: Linux kernel (AWS) vulnerabilities
2025-04-01
USN-7392-3: Linux kernel (AWS) vulnerabilities | Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in
ubuntu.com
USN-7392-4: Linux kernel (AWS FIPS) vulnerabilities
2025-04-01
USN-7392-4: Linux kernel (AWS FIPS) vulnerabilities | Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered
ubuntu.com

Social Media

4) Severe eBPF Vulnerabilities in #Linux Kernel Tracked as CVE-2024-56614 and CVE-2024-56615, these flaws pose serious security risks by allowing integer overflow exploitation, leading to out-of-bounds writes and memory corruption. Both vulnerabilities have been assigned a
CVE-2024-56614 & CVE-2024-56615: PoC Exploits Released for Severe eBPF Vulnerabilities in Linux Kernel https://t.co/a7xVTVveBQ
CVE-2024-56614 & CVE-2024-56615: PoC Exploits Released for Severe eBPF Vulnerabilities in Linux Kernel - https://t.co/TzK6mGLgoB
CVE-2024-56614 & CVE-2024-56615: PoC Exploits Released for Severe eBPF Vulnerabilities in Linux Kernel https://t.co/JmoKwwpid7
CVE-2024-56614 & CVE-2024-56615: PoC Exploits Released for Severe eBPF Flaws in Linux Kernel Uncover the latest Linux kernel flaws affecting eBPF framework with AF_XDP sockets. Learn about CVE-2024-56614 and CVE-2024-56615 & their potential security risks https://t.co/V7ZiGNi3VP
🗣 CVE-2024-56614 & CVE-2024-56615: PoC Exploits Released for Severe eBPF Vulnerabilities in Linux Kernel https://t.co/VTASXwXbGx

Affected Software

Configuration 1
Type | Vendor | Product
OS | Linux | linux_kernel

References

Reference | Link
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/0f170e91d3063ca60baec4bd9f544faf3bfe29eb
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/178e31df1fb3d9e0890eb471da16709cbc82edee
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/70f3de869865f9c3da0508a5ea29f6f4c1889057
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/8e858930695d3ebec423e85384c95427258c294f
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/98c03d05936d846073df8f550e9e8bf0dde1d77f
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/ab244dd7cf4c291f82faacdc50b45cc0f55b674d
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/ad34306ac6836e5dd096b7d0ad4aa20cb7c8d9e5

CWE Details

CWE ID | CWE Name | Description
CWE-787 | Out-of-bounds Write | The software writes data past the end, or before the beginning, of the intended buffer.
