CVE-2024-56647: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56647 is a vulnerability in the Linux kernel's networking subsystem, specifically related to ICMP host relookup functionality. The vulnerability was discovered and disclosed on December 27, 2024, affecting Linux kernel versions from 2.6.25 up to (excluding) 6.12.5, and version 6.13-rc1. The issue occurs when ARP link failure triggers iprtbug while XFRM (IPsec framework) is enabled (NVD).

The vulnerability stems from icmproutelookup() creating input routes for locally generated packets during XFRM relookup of ICMP traffic. When handling ICMP errors triggered by locally generated packets, the destination device of the output route is set to loopback, which then incorrectly sets the input route (dst->out = iprtbug) to skb for DESTUNREACH. The issue manifests when XFRM is enabled, despite XFRM relookup verification not being required on loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

The vulnerability can lead to a denial of service condition when specific networking conditions are met, particularly affecting systems with XFRM (IPsec) enabled. The impact is primarily on system availability, with no direct effect on confidentiality or integrity (NVD).

The vulnerability has been fixed in Linux kernel version 6.12.5 and later. The fix involves skipping ICMP relookup for locally generated packets when the destination address is local. The patch has been backported to various stable kernel versions (Kernel Patch).