{"vulnerability": "CVE-2024-56772", "sightings": [{"uuid": "7a7b4585-35b0-478d-a269-4e702d2a89d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56772", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113794007403045568", "content": "", "creation_timestamp": "2025-01-08T17:52:36.448954Z"}, {"uuid": "a4e77f99-7726-4aa1-8aeb-85690805450e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56772", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfargtmmko2l", "content": "", "creation_timestamp": "2025-01-08T18:15:45.045318Z"}, {"uuid": "2594469b-0890-4f59-9c14-119336157f10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56772", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfatatc46i2i", "content": "", "creation_timestamp": "2025-01-08T18:48:10.791802Z"}, {"uuid": "17617fd1-9c5f-4710-aa07-f9e5e4172c9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56772", "type": "seen", "source": "https://t.me/cvedetector/14721", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56772 - Linux kernel: Uninitialized Free Pointer (UAF) vulnerability in kunit string-stream module.\", \n  \"Content\": \"CVE ID : CVE-2024-56772 \nPublished : Jan. 8, 2025, 6:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nkunit: string-stream: Fix a UAF bug in kunit_init_suite()  \n  \nIn kunit_debugfs_create_suite(), if alloc_string_stream() fails in the  \nkunit_suite_for_each_test_case() loop, the \"suite->log = stream\"  \nhas assigned before, and the error path only free the suite->log's stream  \nmemory but not set it to NULL, so the later string_stream_clear() of  \nsuite->log in kunit_init_suite() will cause below UAF bug.  \n  \nSet stream pointer to NULL after free to fix it.  \n  \n Unable to handle kernel paging request at virtual address 006440150000030d  \n Mem abort info:  \n   ESR = 0x0000000096000004  \n   EC = 0x25: DABT (current EL), IL = 32 bits  \n   SET = 0, FnV = 0  \n   EA = 0, S1PTW = 0  \n   FSC = 0x04: level 0 translation fault  \n Data abort info:  \n   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000  \n   CM = 0, WnR = 0, TnD = 0, TagAccess = 0  \n   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0  \n [006440150000030d] address between user and kernel address ranges  \n Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP  \n Dumping ftrace buffer:  \n    (ftrace buffer empty)  \n Modules linked in: iio_test_gts industrialio_gts_helper cfg80211 rfkill ipv6 [last unloaded: iio_test_gts]  \n CPU: 5 UID: 0 PID: 6253 Comm: modprobe Tainted: G    B   W        N 6.12.0-rc4+ #458  \n Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST  \n Hardware name: linux,dummy-virt (DT)  \n pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)  \n pc : string_stream_clear+0x54/0x1ac  \n lr : string_stream_clear+0x1a8/0x1ac  \n sp : ffffffc080b47410  \n x29: ffffffc080b47410 x28: 006440550000030d x27: ffffff80c96b5e98  \n x26: ffffff80c96b5e80 x25: ffffffe461b3f6c0 x24: 0000000000000003  \n x23: ffffff80c96b5e88 x22: 1ffffff019cdf4fc x21: dfffffc000000000  \n x20: ffffff80ce6fa7e0 x19: 032202a80000186d x18: 0000000000001840  \n x17: 0000000000000000 x16: 0000000000000000 x15: ffffffe45c355cb4  \n x14: ffffffe45c35589c x13: ffffffe45c03da78 x12: ffffffb810168e75  \n x11: 1ffffff810168e74 x10: ffffffb810168e74 x9 : dfffffc000000000  \n x8 : 0000000000000004 x7 : 0000000000000003 x6 : 0000000000000001  \n x5 : ffffffc080b473a0 x4 : 0000000000000000 x3 : 0000000000000000  \n x2 : 0000000000000001 x1 : ffffffe462fbf620 x0 : dfffffc000000000  \n Call trace:  \n  string_stream_clear+0x54/0x1ac  \n  __kunit_test_suites_init+0x108/0x1d8  \n  kunit_exec_run_tests+0xb8/0x100  \n  kunit_module_notify+0x400/0x55c  \n  notifier_call_chain+0xfc/0x3b4  \n  blocking_notifier_call_chain+0x68/0x9c  \n  do_init_module+0x24c/0x5c8  \n  load_module+0x4acc/0x4e90  \n  init_module_from_file+0xd4/0x128  \n  idempotent_init_module+0x2d4/0x57c  \n  __arm64_sys_finit_module+0xac/0x100  \n  invoke_syscall+0x6c/0x258  \n  el0_svc_common.constprop.0+0x160/0x22c  \n  do_el0_svc+0x44/0x5c  \n  el0_svc+0x48/0xb8  \n  el0t_64_sync_handler+0x13c/0x158  \n  el0t_64_sync+0x190/0x194  \n Code: f9400753 d2dff800 f2fbffe0 d343fe7c (38e06b80)  \n ---[ end trace 0000000000000000 ]---  \n Kernel panic - not syncing: Oops: Fatal exception \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T20:00:06.000000Z"}]}