CVE-2024-50126

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 5, 2024
Updated: Nov 14, 2024
CWE ID 416

Summary

CVE-2024-50126 is a vulnerability affecting the Linux kernel that could lead to a use-after-free issue in the 'taprio_dump()' function. This vulnerability was discovered during an investigation into a kernel crash caused by a KASAN detection on an arm64 system. The issue occurs due to the use of an RCU read-side critical section in the 'taprio_dump()' function, which could result in memory being freed prematurely and later used, causing a use-after-free condition. The vulnerability was found in the net subsystem and was traced to the interaction between several kernel functions, including 'tc_modify_qdisc', 'rtnetlink_rcv_msg', and 'netlink_unicast'. The issue could potentially lead to an arbitrary code execution or denial-of-service attack. The vulnerability has been resolved by adding an RCU read-side critical section to the 'taprio_dump()' function.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share