CVE-2024-56783

low-risk

Published 2025-01-08

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level cgroup maximum depth is INT_MAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove unnecessary WARN_ON_ONCE which is reachable from userspace.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (2)

Linux Kernel

Affected Vendors

Linux

References (5)

Patch https://git.kernel.org/stable/c/2f9bec0a749eb646b384fde0c7b7c24687b2ffae

Patch https://git.kernel.org/stable/c/7064a6daa4a700a298fe3aee11dea296bfe59fc4

Patch https://git.kernel.org/stable/c/b7529880cb961d515642ce63f9d7570869bbbdc3

Patch https://git.kernel.org/stable/c/e227c042580ab065edc610c9ddc9bea691e6fc4d

https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 7/34 · Low