[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-47711":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":56,"related":57,"reserved_at":9,"published_at":64,"modified_at":65,"state":66,"summary":67,"references_raw":76,"kevs":87,"epss":88,"epss_history":91,"metrics":353,"affected":359},"CVE-2024-47711","In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Don't return OOB skb in manage_oob().\n\nsyzbot reported use-after-free in unix_stream_recv_urg(). [0]\n\nThe scenario is\n\n  1. send(MSG_OOB)\n  2. recv(MSG_OOB)\n     -> The consumed OOB remains in recv queue\n  3. send(MSG_OOB)\n  4. recv()\n     -> manage_oob() returns the next skb of the consumed OOB\n     -> This is also OOB, but unix_sk(sk)->oob_skb is not cleared\n  5. recv(MSG_OOB)\n     -> unix_sk(sk)->oob_skb is used but already freed\n\nThe recent commit 8594d9b85c07 (\"af_unix: Don't call skb_get() for OOB\nskb.\") uncovered the issue.\n\nIf the OOB skb is consumed and the next skb is peeked in manage_oob(),\nwe still need to check if the skb is OOB.\n\nLet's do so by falling back to the following checks in manage_oob()\nand add the test case in selftest.\n\nNote that we need to add a similar check for SIOCATMARK.\n\n[0]:\nBUG: KASAN: slab-use-after-free in unix_stream_read_actor+0xa6/0xb0 net/unix/af_unix.c:2959\nRead of size 4 at addr ffff8880326abcc4 by task syz-executor178/5235\n\nCPU: 0 UID: 0 PID: 5235 Comm: syz-executor178 Not tainted 6.11.0-rc5-syzkaller-00742-gfbdaffe41adc #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003CTASK>\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n unix_stream_read_actor+0xa6/0xb0 net/unix/af_unix.c:2959\n unix_stream_recv_urg+0x1df/0x320 net/unix/af_unix.c:2640\n unix_stream_read_generic+0x2456/0x2520 net/unix/af_unix.c:2778\n unix_stream_recvmsg+0x22b/0x2c0 net/unix/af_unix.c:2996\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x22f/0x280 net/socket.c:1068\n ____sys_recvmsg+0x1db/0x470 net/socket.c:2816\n ___sys_recvmsg net/socket.c:2858 [inline]\n __sys_recvmsg+0x2f0/0x3e0 net/socket.c:2888\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f5360d6b4e9\nCode: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003C48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff29b3a458 EFLAGS: 00000246 ORIG_RAX: 000000000000002f\nRAX: ffffffffffffffda RBX: 00007fff29b3a638 RCX: 00007f5360d6b4e9\nRDX: 0000000000002001 RSI: 0000000020000640 RDI: 0000000000000003\nRBP: 00007f5360dde610 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001\nR13: 00007fff29b3a628 R14: 0000000000000001 R15: 0000000000000001\n \u003C/TASK>\n\nAllocated by task 5235:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:312 [inline]\n __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3988 [inline]\n slab_alloc_node mm/slub.c:4037 [inline]\n kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4080\n __alloc_skb+0x1c3/0x440 net/core/skbuff.c:667\n alloc_skb include/linux/skbuff.h:1320 [inline]\n alloc_skb_with_frags+0xc3/0x770 net/core/skbuff.c:6528\n sock_alloc_send_pskb+0x91a/0xa60 net/core/sock.c:2815\n sock_alloc_send_skb include/net/sock.h:1778 [inline]\n queue_oob+0x108/0x680 net/unix/af_unix.c:2198\n unix_stream_sendmsg+0xd24/0xf80 net/unix/af_unix.c:2351\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n ___sys_sendmsg net/socket.c:2651 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 5235:\n kasan_save_stack mm/kasan/common.c:47\n---truncated---",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","weakness","Stable","Variant","High",[],[],[],[],[24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54],{"_key":25},"OPENSUSE-SU-2024:14500-1",{"_key":27},"OPENSUSE-SU-2025:14705-1",{"_key":29},"UBUNTU-CVE-2024-47711",{"_key":31},"DEBIAN-CVE-2024-47711",{"_key":33},"USN-7310-1",{"_key":35},"USN-7383-1",{"_key":37},"USN-7383-2",{"_key":39},"USN-7384-1",{"_key":41},"USN-7384-2",{"_key":43},"USN-7385-1",{"_key":45},"USN-7386-1",{"_key":47},"USN-7403-1",{"_key":49},"USN-7451-1",{"_key":51},"USN-7468-1",{"_key":53},"USN-7523-1",{"_key":55},"USN-7524-1",[],[58,60,62,63],{"_key":59},"USN-7276-1",{"_key":61},"USN-7277-1",{"_key":25},{"_key":27},"2024-10-21T11:53:44.102Z","2026-05-23T15:53:47.781Z","Analyzed",{"cisa_kev":68,"cisa_ransomware":68,"cisa_vendor":9,"epss_severity":69,"epss_score":70,"severity":71,"severity_score":72,"severity_version":73,"severity_source":74,"severity_vector":75,"severity_status":66},false,"low",0.00025,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[77,83],{"url":78,"sources":79,"tags":81},"https://git.kernel.org/stable/c/4a7f9a2591a923bdde4bd7eac33490b6ae3b257c",[80,74],"cve.org",[82],"Patch",{"url":84,"sources":85,"tags":86},"https://git.kernel.org/stable/c/5aa57d9f2d5311f19434d95b2a81610aa263e23b",[80,74],[82],[],{"date":89,"score":70,"percentile":90},"2026-06-03",0.07596,[92,96,99,102,105,108,111,114,117,120,123,126,129,131,134,138,141,144,146,149,152,155,158,161,164,166,169,172,175,178,181,184,187,190,193,196,199,202,204,207,210,213,216,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,282,285,288,291,294,297,300,303,306,309,312,315,318,320,323,326,329,332,334,336,339,341,344,347,349,351],{"date":93,"score":94,"percentile":95},"2025-11-04",0.00044,0.13125,{"date":97,"score":94,"percentile":98},"2025-11-05",0.13154,{"date":100,"score":94,"percentile":101},"2025-11-06",0.13244,{"date":103,"score":94,"percentile":104},"2025-11-07",0.13256,{"date":106,"score":94,"percentile":107},"2025-11-08",0.13259,{"date":109,"score":94,"percentile":110},"2025-11-09",0.13231,{"date":112,"score":94,"percentile":113},"2025-11-10",0.13197,{"date":115,"score":94,"percentile":116},"2025-11-11",0.13213,{"date":118,"score":94,"percentile":119},"2025-11-12",0.13183,{"date":121,"score":94,"percentile":122},"2025-11-13",0.13208,{"date":124,"score":94,"percentile":125},"2025-11-14",0.13229,{"date":127,"score":94,"percentile":128},"2025-11-15",0.13215,{"date":130,"score":94,"percentile":122},"2025-11-16",{"date":132,"score":94,"percentile":133},"2025-11-17",0.13185,{"date":135,"score":136,"percentile":137},"2025-11-18",0.00061,0.14615,{"date":139,"score":136,"percentile":140},"2025-11-19",0.14633,{"date":142,"score":136,"percentile":143},"2025-11-20",0.14644,{"date":145,"score":94,"percentile":128},"2025-11-21",{"date":147,"score":94,"percentile":148},"2025-11-22",0.13219,{"date":150,"score":94,"percentile":151},"2025-11-23",0.13196,{"date":153,"score":94,"percentile":154},"2025-11-24",0.13155,{"date":156,"score":94,"percentile":157},"2025-11-25",0.13152,{"date":159,"score":94,"percentile":160},"2025-11-26",0.13145,{"date":162,"score":94,"percentile":163},"2025-11-27",0.13147,{"date":165,"score":94,"percentile":95},"2025-11-28",{"date":167,"score":70,"percentile":168},"2025-11-29",0.05997,{"date":170,"score":70,"percentile":171},"2025-11-30",0.0599,{"date":173,"score":70,"percentile":174},"2025-12-01",0.06062,{"date":176,"score":70,"percentile":177},"2025-12-02",0.06077,{"date":179,"score":70,"percentile":180},"2025-12-03",0.0609,{"date":182,"score":70,"percentile":183},"2025-12-04",0.06052,{"date":185,"score":70,"percentile":186},"2025-12-05",0.06101,{"date":188,"score":70,"percentile":189},"2025-12-06",0.0611,{"date":191,"score":70,"percentile":192},"2025-12-07",0.06114,{"date":194,"score":70,"percentile":195},"2025-12-08",0.06119,{"date":197,"score":70,"percentile":198},"2025-12-09",0.06178,{"date":200,"score":70,"percentile":201},"2025-12-10",0.06249,{"date":203,"score":70,"percentile":201},"2025-12-11",{"date":205,"score":70,"percentile":206},"2025-12-12",0.06272,{"date":208,"score":70,"percentile":209},"2025-12-13",0.06309,{"date":211,"score":70,"percentile":212},"2025-12-14",0.06276,{"date":214,"score":70,"percentile":215},"2025-12-15",0.06254,{"date":217,"score":70,"percentile":218},"2025-12-16",0.0628,{"date":220,"score":70,"percentile":221},"2025-12-17",0.06367,{"date":223,"score":70,"percentile":224},"2025-12-18",0.06421,{"date":226,"score":70,"percentile":227},"2025-12-19",0.06407,{"date":229,"score":70,"percentile":230},"2025-12-20",0.06402,{"date":232,"score":70,"percentile":233},"2025-12-21",0.06389,{"date":235,"score":70,"percentile":236},"2025-12-22",0.06339,{"date":238,"score":70,"percentile":239},"2025-12-23",0.06353,{"date":241,"score":70,"percentile":242},"2025-12-24",0.06386,{"date":244,"score":70,"percentile":245},"2025-12-25",0.06439,{"date":247,"score":70,"percentile":248},"2025-12-26",0.06431,{"date":250,"score":70,"percentile":251},"2025-12-27",0.06437,{"date":253,"score":70,"percentile":254},"2025-12-28",0.06428,{"date":256,"score":70,"percentile":257},"2025-12-29",0.0641,{"date":259,"score":70,"percentile":260},"2025-12-30",0.06391,{"date":262,"score":70,"percentile":263},"2025-12-31",0.0644,{"date":265,"score":70,"percentile":266},"2026-01-01",0.06513,{"date":268,"score":70,"percentile":269},"2026-01-02",0.06506,{"date":271,"score":70,"percentile":272},"2026-01-03",0.06493,{"date":274,"score":70,"percentile":275},"2026-01-04",0.06336,{"date":277,"score":70,"percentile":278},"2026-01-05",0.06283,{"date":280,"score":70,"percentile":281},"2026-01-06",0.06291,{"date":283,"score":70,"percentile":284},"2026-01-07",0.06315,{"date":286,"score":70,"percentile":287},"2026-01-08",0.06372,{"date":289,"score":70,"percentile":290},"2026-01-09",0.06375,{"date":292,"score":70,"percentile":293},"2026-01-10",0.06398,{"date":295,"score":70,"percentile":296},"2026-01-11",0.06396,{"date":298,"score":70,"percentile":299},"2026-01-12",0.06368,{"date":301,"score":70,"percentile":302},"2026-01-13",0.06351,{"date":304,"score":70,"percentile":305},"2026-01-14",0.06403,{"date":307,"score":70,"percentile":308},"2026-01-15",0.06409,{"date":310,"score":70,"percentile":311},"2026-01-16",0.06425,{"date":313,"score":70,"percentile":314},"2026-01-17",0.06436,{"date":316,"score":70,"percentile":317},"2026-01-18",0.06433,{"date":319,"score":70,"percentile":227},"2026-01-19",{"date":321,"score":70,"percentile":322},"2026-01-20",0.06365,{"date":324,"score":70,"percentile":325},"2026-01-21",0.06363,{"date":327,"score":70,"percentile":328},"2026-01-22",0.0633,{"date":330,"score":70,"percentile":331},"2026-01-23",0.06399,{"date":333,"score":70,"percentile":245},"2026-01-24",{"date":335,"score":70,"percentile":305},"2026-01-25",{"date":337,"score":70,"percentile":338},"2026-01-26",0.0639,{"date":340,"score":70,"percentile":290},"2026-01-27",{"date":342,"score":70,"percentile":343},"2026-01-28",0.06349,{"date":345,"score":70,"percentile":346},"2026-01-29",0.06348,{"date":348,"score":70,"percentile":299},"2026-01-30",{"date":350,"score":70,"percentile":322},"2026-01-31",{"date":352,"score":70,"percentile":257},"2026-02-01",[354],{"source":74,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":355,"cvss_v4_0":9},{"baseScore":72,"baseSeverity":356,"vectorString":75,"impactScore":357,"exploitabilityScore":358},"HIGH",9.8,4.6,[360,382],{"ecosystem":9,"name":361,"vendor":362,"product":362,"cpe_part":363,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":364},"Linux","linux","a",[365,372,375,377,381],{"version":366,"is_range":367,"range_type":80,"version_start":368,"version_start_type":369,"version_end":370,"version_end_type":371,"fixed_in":9},">= 93c99f21db360957d49853e5666b5c147f593bda, \u003C 4a7f9a2591a923bdde4bd7eac33490b6ae3b257c",true,"93c99f21db360957d49853e5666b5c147f593bda","including","4a7f9a2591a923bdde4bd7eac33490b6ae3b257c","excluding",{"version":373,"is_range":367,"range_type":80,"version_start":368,"version_start_type":369,"version_end":374,"version_end_type":371,"fixed_in":9},">= 93c99f21db360957d49853e5666b5c147f593bda, \u003C 5aa57d9f2d5311f19434d95b2a81610aa263e23b","5aa57d9f2d5311f19434d95b2a81610aa263e23b",{"version":376,"is_range":68,"range_type":80,"version_start":376,"version_start_type":369,"version_end":376,"version_end_type":369,"fixed_in":9},"71f8d9a4f6e094bae951765d1d18b44827013001",{"version":378,"is_range":367,"range_type":80,"version_start":379,"version_start_type":369,"version_end":380,"version_end_type":371,"fixed_in":9},">= 6.9.8, \u003C 6.10","6.9.8","6.10",{"version":380,"is_range":68,"range_type":80,"version_start":380,"version_start_type":369,"version_end":380,"version_end_type":369,"fixed_in":9},{"ecosystem":9,"name":383,"vendor":362,"product":384,"cpe_part":385,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":386},"linux kernel","linux_kernel","o",[387,390],{"version":388,"is_range":367,"range_type":389,"version_start":379,"version_start_type":369,"version_end":380,"version_end_type":371,"fixed_in":9},"gte6.9.8_lt6.10","cpe",{"version":391,"is_range":367,"range_type":389,"version_start":380,"version_start_type":369,"version_end":392,"version_end_type":371,"fixed_in":9},"gte6.10_lt6.11.2","6.11.2"]