CVE-2024-56718: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56718 is a vulnerability in the Linux kernel's SMC (Shared Memory Communication) networking component, discovered and disclosed on December 29, 2024. The vulnerability affects Linux kernel versions from 5.8 up to (excluding) 6.1.122, from 6.2 up to (excluding) 6.6.68, from 6.7 up to (excluding) 6.12.7, and release candidates 6.13-rc1 through 6.13-rc3. The issue involves a race condition in the link down work handling that could lead to system crashes (NVD).

The vulnerability occurs in the net/smc subsystem where link down work may be scheduled before lgr (Link Group) is freed but executed after lgr is freed, resulting in a potential system crash. The issue stems from improper reference handling in the link down work scheduling mechanism. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can cause a system crash due to list_del corruption, leading to a denial of service condition. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity (NVD).

The vulnerability has been fixed through patches that implement proper reference counting in the SMC link down work handling. The fix includes holding a reference before scheduling link down work and releasing it after work execution or cancellation. System administrators should update to Linux kernel versions 6.1.122, 6.6.68, or 6.12.7 or later, depending on their kernel branch (Kernel Patch).