{"id":"AZL-54744","summary":"CVE-2024-56643 affecting package kernel for versions less than 5.15.176.3-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndccp: Fix memory leak in dccp_feat_change_recv\n\nIf dccp_feat_push_confirm() fails after new value for SP feature was accepted\nwithout reconciliation ('entry == NULL' branch), memory allocated for that value\nwith dccp_feat_clone_sp_val() is never freed.\n\nHere is the kmemleak stack for this:\n\nunreferenced object 0xffff88801d4ab488 (size 8):\n  comm \"syz-executor310\", pid 1127, jiffies 4295085598 (age 41.666s)\n  hex dump (first 8 bytes):\n    01 b4 4a 1d 80 88 ff ff                          ..J.....\n  backtrace:\n    [\u003c00000000db7cabfe\u003e] kmemdup+0x23/0x50 mm/util.c:128\n    [\u003c0000000019b38405\u003e] kmemdup include/linux/string.h:465 [inline]\n    [\u003c0000000019b38405\u003e] dccp_feat_clone_sp_val net/dccp/feat.c:371 [inline]\n    [\u003c0000000019b38405\u003e] dccp_feat_clone_sp_val net/dccp/feat.c:367 [inline]\n    [\u003c0000000019b38405\u003e] dccp_feat_change_recv net/dccp/feat.c:1145 [inline]\n    [\u003c0000000019b38405\u003e] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416\n    [\u003c00000000b1f6d94a\u003e] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125\n    [\u003c0000000030d7b621\u003e] dccp_rcv_state_process+0x197/0x13d0 net/dccp/input.c:650\n    [\u003c000000001f74c72e\u003e] dccp_v4_do_rcv+0xf9/0x1a0 net/dccp/ipv4.c:688\n    [\u003c00000000a6c24128\u003e] sk_backlog_rcv include/net/sock.h:1041 [inline]\n    [\u003c00000000a6c24128\u003e] __release_sock+0x139/0x3b0 net/core/sock.c:2570\n    [\u003c00000000cf1f3a53\u003e] release_sock+0x54/0x1b0 net/core/sock.c:3111\n    [\u003c000000008422fa23\u003e] inet_wait_for_connect net/ipv4/af_inet.c:603 [inline]\n    [\u003c000000008422fa23\u003e] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696\n    [\u003c0000000015b6f64d\u003e] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735\n    [\u003c0000000010122488\u003e] __sys_connect_file+0x15c/0x1a0 net/socket.c:1865\n    [\u003c00000000b4b70023\u003e] __sys_connect+0x165/0x1a0 net/socket.c:1882\n    [\u003c00000000f4cb3815\u003e] __do_sys_connect net/socket.c:1892 [inline]\n    [\u003c00000000f4cb3815\u003e] __se_sys_connect net/socket.c:1889 [inline]\n    [\u003c00000000f4cb3815\u003e] __x64_sys_connect+0x6e/0xb0 net/socket.c:1889\n    [\u003c00000000e7b1e839\u003e] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n    [\u003c0000000055e91434\u003e] entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nClean up the allocated memory in case of dccp_feat_push_confirm() failure\nand bail out with an error reset code.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.","modified":"2026-04-01T05:18:22.697302Z","published":"2024-12-27T15:15:24Z","upstream":["CVE-2024-56643"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56643"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.176.3-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54744.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}