CVE-2024-50099

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 5, 2024
Updated: Nov 12, 2024

Summary

CVE-2024-50099: A vulnerability in the Linux kernel's uprobes system has been addressed. The issue lies in the outdated use of functions, simulate_ldr_literal() and simulate_ldrsw_literal(), designed for kprobes but reused for uprobes. These functions, which are unsafe for user memory access, can lead to kernel instability and potential system crashes. The primary concerns are unintended accesses to user memory, hardware and software panics, and privileged access to a small range of kernel virtual addresses. To mitigate these risks, uprobes have been restricted from using LDR (literal) and LDRSW (literal) instructions. Future improvements may be considered for safe uprobes support, but for now, the use of these functions is rejected.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share