CVE-2024-56646: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

ipv6: avoid possible NULL deref in modify_prefix_route()

syzbot found a NULL deref [1] in modify_prefix_route(), caused by one fib6_info without a fib6_table pointer set.

This can happen for net->ipv6.fib6_null_entry

[1]
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 1 UID: 0 PID: 5837 Comm: syz-executor888 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:__lock_acquire+0xe4/0x3c40 kernel/locking/lockdep.c:5089
Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d ca 98 f5 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 07 7f 93 0f 84
RSP: 0018:ffffc900035d7268 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000006 RSI: 1ffff920006bae5f RDI: 0000000000000030
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff90608e17 R11: 0000000000000001 R12: 0000000000000030
R13: ffff888036334880 R14: 0000000000000000 R15: 0000000000000000
FS: 0000555579e90380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc59cc4278 CR3: 0000000072b54000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:356 [inline]
 modify_prefix_route+0x30b/0x8b0 net/ipv6/addrconf.c:4831
 inet6_addr_modify net/ipv6/addrconf.c:4923 [inline]
 inet6_rtm_newaddr+0x12c7/0x1ab0 net/ipv6/addrconf.c:5055
 rtnetlink_rcv_msg+0x3c7/0xea0 net/core/rtnetlink.c:6920
 netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2541
 netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]
 netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1347
 netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1891
 sock_sendmsg_nosec net/socket.c:711 [inline]
 __sock_sendmsg net/socket.c:726 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2583
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2637
 __sys_sendmsg+0x16e/0x220 net/socket.c:2669
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd1dcef8b79
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc59cc4378 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd1dcef8b79
RDX: 0000000000040040 RSI: 0000000020000140 RDI: 0000000000000004
RBP: 00000000000113fd R08: 0000000000000006 R09: 0000000000000006
R10: 0000000000000006 R11: 0000000000000246 R12: 00007ffc59cc438c
R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
 </TASK>
AI Analysis
Technical Summary
CVE-2024-56646 is a vulnerability in the Linux kernel's IPv6 networking stack, specifically in the function modify_prefix_route(). It is a possible NULL pointer dereference caused by a fib6_info structure that has no fib6_table pointer set, which can happen for net->ipv6.fib6_null_entry. The vulnerability was discovered by syzbot, an automated kernel fuzzer, which triggered a general protection fault (kernel oops) through this NULL dereference. The crash trace shows the fault occurring while modify_prefix_route(), the function responsible for modifying IPv6 prefix routes, acquires a spinlock. The NULL dereference leads to a kernel panic or crash, resulting in denial of service (DoS) conditions.

The vulnerability affects Linux kernel versions around 6.12.0-syzkaller-09567-g7eef7e306d3c and likely other versions with similar IPv6 route handling code. There is no indication of privilege escalation or remote code execution, but the kernel crash can be triggered by crafted netlink messages or IPv6 route modifications, potentially by local users or processes with network configuration privileges. No known exploits are currently in the wild, and no CVSS score has been assigned yet. The vulnerability involves kernel memory management and locking mechanisms, and exploiting or mitigating it requires a detailed understanding of the Linux networking stack.
Potential Impact
For European organizations, the primary impact of CVE-2024-56646 is the potential for denial of service on Linux-based systems that handle IPv6 traffic. Many European enterprises, government agencies, and service providers rely heavily on Linux servers and network infrastructure supporting IPv6, especially as IPv6 adoption grows in the region. A successful exploitation could cause kernel crashes leading to system downtime, disruption of critical services, and potential cascading failures in network-dependent applications. While the vulnerability does not appear to allow privilege escalation or remote code execution, the ability to cause kernel panics could be leveraged in targeted attacks to disrupt operations, particularly in environments with multi-tenant systems or cloud infrastructure where IPv6 is enabled. This could affect data centers, telecom providers, and cloud service providers operating in Europe. The impact is more severe in environments where IPv6 routing and network configuration changes are frequent or automated, increasing the risk of accidental or malicious triggering of the flaw. Systems running older or unpatched Linux kernels are at higher risk, and organizations with stringent uptime requirements may face operational and reputational damage if affected.
Mitigation Recommendations
To mitigate CVE-2024-56646, European organizations should:
1) Immediately identify and inventory Linux systems running affected kernel versions, especially those with IPv6 enabled and actively used.
2) Apply the latest Linux kernel patches or updates that address this vulnerability as soon as they become available from trusted sources or Linux distributions.
3) Restrict access to network configuration interfaces and netlink sockets to trusted administrators only, minimizing the risk of local exploitation.
4) Implement monitoring and alerting for kernel oops or crashes related to IPv6 route modifications to detect potential exploitation attempts early.
5) For environments using automated network configuration tools or orchestration, validate inputs and changes to IPv6 routing to prevent malformed or unexpected route modifications.
6) Consider temporarily disabling IPv6 or limiting IPv6 route modifications on critical systems if patching is delayed and operationally feasible.
7) Engage with Linux distribution vendors and security communities for timely updates and guidance.
8) Conduct thorough testing of kernel updates in staging environments to ensure stability before production deployment.
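For the monitoring recommendation (item 4), the following is an added example, not part of the original advisory or of any kernel tooling: a Python matcher that splits a kernel log into oops reports and flags those whose call trace passes through modify_prefix_route(). The function names parse_oopses and matches_cve_2024_56646, the timestamps and the second log report are assumptions made for illustration.

```python
import re

# Abridged from the oops quoted in the description above (dmesg-style timestamps
# added); the second report is constructed as a non-matching case.
SAMPLE_LOG = """\
[  101.000001] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI
[  101.000002] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
[  101.000003] RIP: 0010:__lock_acquire+0xe4/0x3c40 kernel/locking/lockdep.c:5089
[  101.000004] Call Trace:
[  101.000005]  _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
[  101.000006]  modify_prefix_route+0x30b/0x8b0 net/ipv6/addrconf.c:4831
[  101.000007]  inet6_rtm_newaddr+0x12c7/0x1ab0 net/ipv6/addrconf.c:5055
[  101.000008]  </TASK>
[  250.000001] Oops: general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#2] PREEMPT SMP
[  250.000002] RIP: 0010:example_driver_poll+0x10/0x80
[  250.000003] Call Trace:
[  250.000004]  example_driver_irq+0x22/0x90
[  250.000005]  </TASK>
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # optional dmesg timestamp prefix
FRAME = re.compile(r"^\s*\??\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

# Split a kernel log into oops reports and collect their symbolised frames.
def parse_oopses(log_text):
    reports, in_trace = [], False
    for raw in log_text.splitlines():
        line = TS.sub("", raw)
        if line.startswith("Oops:"):
            reports.append({"header": line, "kasan": "", "rip": None, "frames": []})
            in_trace = False
        if not reports:
            continue
        cur = reports[-1]
        if line.startswith("KASAN:"):
            cur["kasan"] = line
        elif line.startswith("RIP: 0010:"):  # kernel-mode RIP only
            cur["rip"] = line.split(":", 2)[2].split("+")[0]
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif "</TASK>" in line:
            in_trace = False
        elif in_trace and (m := FRAME.match(line)):
            cur["frames"].append(m.group(1))
    return reports

def matches_cve_2024_56646(report):
    # Kernels built without KASAN print no KASAN line, so the GPF header also counts.
    fault = "null-ptr-deref" in report["kasan"] or "general protection fault" in report["header"]
    return fault and "modify_prefix_route" in report["frames"]
```

A match only says that a crash shares the signature shown in the trace above; whether the running kernel already carries the fix still has to be confirmed against the distribution's advisory.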
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-27T15:00:39.840Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9822c4522896dcbde455
Added to database: 5/21/2025, 9:08:50 AM
Last enriched: 6/28/2025, 6:39:41 AM
Last updated: 8/12/2025, 9:20:15 AM