CVE-2024-56783: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56783 is a vulnerability in the Linux kernel's netfilter component, specifically in the nft_socket functionality. The issue was discovered and reported through the syzkaller automated testing system. The vulnerability affects Linux kernel versions from 6.1.112 up to 6.1.120, 6.6.53 up to 6.6.66, and 6.10.12 up to 6.12.5, as well as version 6.13-rc1 (NVD).

The vulnerability relates to an unnecessary WARNONONCE condition in the netfilter's nftsocket component when handling cgroup maximum levels. The cgroup maximum depth is set to INTMAX by default, with an option to restrict this maximum depth to a more reasonable value for performance optimization. The issue stems from an unnecessary warning condition that could be triggered from userspace (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability's impact is primarily related to potential system performance degradation, as indicated by the CVSS score which shows high availability impact (A:H) but no confidentiality or integrity impacts. The issue could potentially be triggered from userspace, affecting system stability (NVD).

The vulnerability has been fixed by removing the unnecessary WARNONONCE condition in the netfilter code. The fix has been implemented in multiple kernel versions through patches, as evidenced by the commit b7529880cb961d515642ce63f9d7570869bbbdc3 (Kernel Patch). Users should upgrade to the fixed versions: beyond 6.1.120, 6.6.66, or 6.12.5 depending on their kernel branch (NVD).