CVE-2024-50124

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 5, 2024
Updated: Nov 8, 2024
CWE ID 416

Summary

CVE-2024-50124 is a newly identified vulnerability in the Linux kernel. It affects the Bluetooth ISO subsystem, where the iso_sock_timeout function may trigger a use-after-free (UAF) condition. If a connection's socket (conn->sk) is unlinked or freed while iso_sock_timeout is waiting for the iso_conn_lock, the function can go on to access an invalid socket. Attackers could potentially exploit this vulnerability to execute arbitrary code or cause denial-of-service conditions. Linux users are advised to apply the necessary patch to mitigate this risk.
