CVE-2024-56766
Published: 06 January 2025
Summary
CVE-2024-56766 is a high-severity double free (CWE-415) vulnerability in the Linux kernel, in the Atmel PMECC driver of the MTD raw NAND subsystem. Its CVSS base score is 7.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 4.3rd percentile by exploit likelihood, well below the median, and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 mandates timely identification, reporting, and patching of flaws like this double free vulnerability in the Linux kernel MTD subsystem.
RA-5 requires vulnerability scanning and monitoring to identify systems running kernel versions affected by CVE-2024-56766.
SI-16 requires memory protection mechanisms, such as kernel address space layout randomization (KASLR) and slab freelist hardening, that raise the cost of turning a double free into code execution without removing the underlying flaw.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A double free in the Linux MTD raw NAND subsystem (Atmel PMECC driver) that a local, low-privileged attacker could turn into kernel-mode code execution and privilege escalation, which is why T1068 is the mapped technique.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() to being allocated by devm_kzalloc(). Calling kfree(user) will lead to a double free.
Deeper analysis
CVE-2024-56766 is a double free (CWE-415) in the Linux kernel's MTD raw NAND subsystem, in the atmel_pmecc_create_user() function. The allocation of the "user" object was changed from kzalloc() to devm_kzalloc(), which transfers ownership of the memory to the device: the driver core releases every devm_* allocation itself when the device is unbound or its probe fails. The code still called kfree() on the same pointer, so the block is released twice. The flaw is present in kernel builds that do not carry the stable fixes listed below, and it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges could exploit the flaw: the attack complexity is low and no user interaction is required. A double free in the kernel slab allocator can be turned into a use-after-free or an overlap of attacker-controlled objects, so successful exploitation is rated high impact on confidentiality, integrity, and availability, up to arbitrary code execution in kernel context, data corruption, or a system crash. The vulnerable code is only reachable on systems that use the Atmel PMECC NAND ECC driver (Microchip/Atmel SoCs), which narrows the realistically exposed population.
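To make the ownership mistake concrete, the following is an added userspace model, not kernel code and not taken from the atmel_pmecc driver, that mimics devm_kzalloc(), kfree(), devm_kfree() and devres_release_all() with a double-free counter instead of a real heap. The struct layouts, the create_user() helper and the teardown modes are assumptions for illustration; only the pattern matches the advisory: an object handed to devres and then passed to kfree() is released twice on unbind, while leaving it to devres, or releasing it early with devm_kfree(), releases it once.

```c
/* Added userspace model of the devres mistake behind CVE-2024-56766 (not kernel
 * code). devm_kzalloc() hands ownership of a block to the device; the driver core
 * releases it in devres_release_all() on unbind or probe failure, so an explicit
 * kfree() of the same pointer frees it twice. Double frees are counted, not done. */
#include <stdio.h>
#include <stdlib.h>

#define MAX_DEVRES 16

struct alloc_hdr { size_t freed; };  /* how many times the block saw kfree() */

struct device {
	void *devres[MAX_DEVRES];  /* blocks owned by the device (the devres list) */
	int ndevres;
	int double_frees;          /* blocks released more than once */
};

/* Model of devm_kzalloc(): zeroed block registered on the device's devres list. */
static void *devm_kzalloc(struct device *dev, size_t size)
{
	struct alloc_hdr *h;
	if (dev->ndevres == MAX_DEVRES)
		return NULL;
	h = calloc(1, sizeof(*h) + size);
	if (!h)
		return NULL;
	dev->devres[dev->ndevres++] = h + 1;
	return h + 1;
}

/* Model of kfree(): marks the block released; a second call is a double free. */
static void kfree(struct device *dev, void *p)
{
	struct alloc_hdr *h;
	if (!p)
		return;
	h = (struct alloc_hdr *)p - 1;
	if (h->freed++)
		dev->double_frees++;
}

/* Model of devm_kfree(): unregister from devres first, then release. */
static void devm_kfree(struct device *dev, void *p)
{
	for (int i = 0; i < dev->ndevres; i++) {
		if (dev->devres[i] != p)
			continue;
		dev->devres[i] = dev->devres[--dev->ndevres];
		kfree(dev, p);
		free((struct alloc_hdr *)p - 1);
		return;
	}
}

/* Model of devres_release_all(): the driver core frees every devm_* block. */
static void devres_release_all(struct device *dev)
{
	for (int i = dev->ndevres - 1; i >= 0; i--) {
		kfree(dev, dev->devres[i]);
		free((struct alloc_hdr *)dev->devres[i] - 1);
	}
	dev->ndevres = 0;
}

struct pmecc_user { struct device *dev; int strength; };

/* Same shape as atmel_pmecc_create_user(): the object comes from devm_kzalloc(). */
static struct pmecc_user *create_user(struct device *dev, int strength)
{
	struct pmecc_user *user = devm_kzalloc(dev, sizeof(*user));
	if (!user)
		return NULL;
	user->dev = dev;
	user->strength = strength;
	return user;
}

enum teardown { TEARDOWN_FIXED, TEARDOWN_BUGGY, TEARDOWN_DEVM_KFREE };

/* Create a user, run the driver's teardown, then let the driver core unwind
 * devres. Returns the number of double frees observed (-1 on allocation failure). */
static int simulate_unbind(enum teardown how)
{
	struct device dev = { 0 };
	struct pmecc_user *user = create_user(&dev, 4);
	if (!user)
		return -1;
	if (how == TEARDOWN_BUGGY)            /* vulnerable: kfree() of a devm_* block */
		kfree(&dev, user);
	else if (how == TEARDOWN_DEVM_KFREE)  /* early release done right */
		devm_kfree(&dev, user);
	/* TEARDOWN_FIXED: nothing to do, devres owns the block */
	devres_release_all(&dev);
	return dev.double_frees;
}

int main(void)
{
	printf("double frees: buggy=%d fixed=%d devm_kfree=%d\n",
	       simulate_unbind(TEARDOWN_BUGGY), simulate_unbind(TEARDOWN_FIXED),
	       simulate_unbind(TEARDOWN_DEVM_KFREE));
	return 0;
}
```

Compile with a C99 compiler and run: the buggy teardown reports one double free, the other two report none. The real kernel keeps no such counter; with slab freelist hardening the second free may be caught and oops, otherwise it silently corrupts allocator state that a later allocation can exploit. The review rule that follows is simple: a pointer returned by a devm_* allocator never meets plain kfree(), and if it must be released before unbind the call is devm_kfree(dev, p).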
Mitigation is provided through upstream kernel patches, available as the following stable commits:
- https://git.kernel.org/stable/c/1562871ef613fa9492aa0310933eff785166a90e
- https://git.kernel.org/stable/c/3d825a241e65f7e3072978729e79d735ec40b80e
- https://git.kernel.org/stable/c/6ea15205d7e2b811fbbdf79783f686f58abfb4b7
- https://git.kernel.org/stable/c/ca9818554b0f33e87f38e4bfa2dac056692d46cc
- https://git.kernel.org/stable/c/d2f090ea57f8d6587e09d4066f740a8617767b3d
Security practitioners should update affected Linux kernels to a release that incorporates these fixes.
Details
- CWE(s)