CVE-2024-50127

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 5, 2024
Updated: Nov 8, 2024
CWE ID 416

Summary

CVE-2024-50127 is a vulnerability affecting the Linux kernel. In the function 'taprio_change()', a use-after-free occurs because the 'admin' pointer can become dangling during scheduler switching or removal. The vulnerability arises because the critical section guarded by 'q->current_entry_lock' is too small, so the memory can be freed before the pointer is properly updated. It has been addressed by using 'rcu_replace_pointer()' instead of 'rcu_assign_pointer()' to update 'admin' prior to scheduling the memory-freeing operation.
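
The stale-pointer pattern described above, as an added single-threaded userspace model (not kernel code and not part of the original advisory). The struct names, concurrent_retire() and the way the concurrent path retires the schedule are assumptions; plain assignments stand in for rcu_assign_pointer() and rcu_replace_pointer().

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model. "Freeing" only marks the object, so a free through a
 * stale pointer can be counted without undefined behaviour. */
struct sched { bool freed; };
struct qdisc { struct sched *admin; };

static int stale_frees;

static void free_sched(struct sched *s)
{
    if (!s)
        return;
    if (s->freed)
        stale_frees++;                    /* pointer was already dangling */
    s->freed = true;
}

/* Assumed concurrent path (schedule switch or removal): retires the current
 * admin schedule and installs 'next' (NULL on removal). */
static void concurrent_retire(struct qdisc *q, struct sched *next)
{
    free_sched(q->admin);
    q->admin = next;
}

/* Returns how many frees went through a dangling pointer. */
static int run_change(bool use_replace)
{
    struct sched a = {0}, b = {0};
    struct qdisc q = { .admin = &a };
    struct sched *admin = q.admin;        /* early read in the change path */

    stale_frees = 0;
    concurrent_retire(&q, NULL);          /* modelled interleaving */
    if (use_replace) {
        admin = q.admin;                  /* rcu_replace_pointer() analogue: */
        q.admin = &b;                     /* old value taken at update time */
    } else {
        q.admin = &b;                     /* rcu_assign_pointer() analogue */
    }
    free_sched(admin);                    /* stands in for the deferred free */
    return stale_frees;
}

int main(void)
{
    printf("assign: %d stale free(s)\n", run_change(false));
    printf("replace: %d stale free(s)\n", run_change(true));
    return 0;
}
```

With the assign-style update, the free goes through the early snapshot even though the schedule it points to was already retired; with the replace-style update, the pointer handed to the free is whatever was actually installed at update time.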
