CVE-2024-50096
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Nov 5, 2024
Updated: Nov 12, 2024
Summary
CVE-2024-50096 is a vulnerability affecting the Linux kernel's nouveau driver. The issue lies in the `nouveau_dmem_copy_one` function, which sends a copy push command to the device firmware but fails to track whether it was executed successfully. In case of a copy error, the function may report success, and the `migrate_to_ram` function could return a dirty HIGH_USER page containing sensitive or corrupted data to the user. To mitigate this vulnerability, the affected kernel has been updated to allocate a zero page to be returned in the event of an error.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share