CVE-2024-50123

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 5, 2024
Updated: Nov 8, 2024
CWE ID 125

Summary

CVE-2024-50123 is a vulnerability in the Linux kernel: an out-of-bounds read in the function bpf_link_show_fdinfo() that affects sockmap links. The root cause is a missing BPF_LINK_TYPE invocation for sockmap links. The fix adds the required BPF_LINK_TYPE invocation, along with comments to prevent similar oversights in the future.
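The bug class described above, as an added example that is not kernel code: a simplified model that assumes the name table is generated from one macro invocation per link type, so a forgotten invocation leaves the table shorter than the enum. All identifiers (`link_type`, `LINK_TYPES_BEFORE`, `link_name`, and so on) are constructed for illustration, and the checked lookup and build-time assertion are general hardening measures, not a description of the upstream patch.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed link types; the names are illustrative, not the kernel's. */
enum link_type { LINK_UNSPEC, LINK_TRACING, LINK_XDP, LINK_SOCKMAP, LINK_TYPE_MAX };

/* X-macro lists: each invocation yields one slot in the name table. */
#define LINK_TYPES_BEFORE(X) \
	X(LINK_TRACING, "tracing") \
	X(LINK_XDP, "xdp")          /* LINK_SOCKMAP invocation forgotten */
#define LINK_TYPES_AFTER(X) \
	X(LINK_TRACING, "tracing") \
	X(LINK_XDP, "xdp") \
	X(LINK_SOCKMAP, "sockmap")

#define AS_SLOT(id, name) [id] = name,
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

static const char *const names_before[] = { [LINK_UNSPEC] = "<invalid>", LINK_TYPES_BEFORE(AS_SLOT) };
static const char *const names_after[]  = { [LINK_UNSPEC] = "<invalid>", LINK_TYPES_AFTER(AS_SLOT) };

/* Build-time guard: compilation fails if an enum value has no table slot. */
_Static_assert(ARRAY_SIZE(names_after) == LINK_TYPE_MAX, "name table incomplete");

/* Bounds- and NULL-checked lookup: never indexes past the end of the table. */
static const char *link_name(const char *const *tbl, size_t n, enum link_type t)
{
	if ((size_t)t >= n || tbl[t] == NULL)
		return NULL;
	return tbl[t];
}

size_t before_len(void) { return ARRAY_SIZE(names_before); }
const char *name_before(enum link_type t) { return link_name(names_before, before_len(), t); }
const char *name_after(enum link_type t) { return link_name(names_after, ARRAY_SIZE(names_after), t); }

int main(void)
{
	/* An unchecked names_before[LINK_SOCKMAP] would read one slot past the array. */
	const char *b = name_before(LINK_SOCKMAP), *a = name_after(LINK_SOCKMAP);
	printf("before: size=%zu sockmap=%s\n", before_len(), b ? b : "(no entry)");
	printf("after:  sockmap=%s\n", a ? a : "(no entry)");
	return 0;
}
```

Applying the same `_Static_assert` to `names_before` stops the build, which is how an omission of this kind can be caught before it ships.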
