CVE-2024-50128

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 5, 2024
Updated: Nov 8, 2024
CWE ID 125

Summary

CVE-2024-50132 is a vulnerability affecting the Linux kernel that has been addressed. The issue involved the creation of trace_probes, where the number of arguments (nr_args) was set before being truncated to the MAX_TRACE_ARGS limit. This resulted in invalid memory access when attempting to set up probes with more than 128 fetchargs, leading to a kernel NULL pointer dereference and a page fault. The vulnerability has been resolved by applying the MAX_TRACE_ARGS limit earlier and returning an error when there are too many arguments instead of silently truncating.
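The ordering problem the summary describes, as an added user-space sketch (not the kernel's code): the `probe` struct, `probe_create_before`, `probe_create_after` and `unparsed_slots` are hypothetical names, and the `-E2BIG` return value is this sketch's choice. The model allocates every slot so it stays memory-safe and simply counts the entries a consumer trusting `nr_args` would reach unparsed.

```c
#include <errno.h>
#include <stdlib.h>
#define MAX_TRACE_ARGS 128                 /* limit named in the summary */

struct probe_arg { const char *name; };    /* simplified stand-in */
struct probe { int nr_args; struct probe_arg args[]; };

/* Parse the first `limit` arguments; later slots stay zeroed (NULL name). */
static void parse_args(struct probe *p, int limit, const char **argv)
{
    for (int i = 0; i < limit; i++) p->args[i].name = argv[i];
}

/* Before: the count is recorded first, then argc is silently truncated. */
struct probe *probe_create_before(int argc, const char **argv)
{
    struct probe *p = calloc(1, sizeof(*p) + argc * sizeof(p->args[0]));
    if (!p) return NULL;
    p->nr_args = argc;                     /* untruncated count is kept */
    if (argc > MAX_TRACE_ARGS) argc = MAX_TRACE_ARGS;
    parse_args(p, argc, argv);
    return p;
}

/* After: the limit is applied up front and too many arguments is an error. */
int probe_create_after(int argc, const char **argv, struct probe **out)
{
    if (argc > MAX_TRACE_ARGS) return -E2BIG;
    struct probe *p = calloc(1, sizeof(*p) + argc * sizeof(p->args[0]));
    if (!p) return -ENOMEM;
    p->nr_args = argc;
    parse_args(p, argc, argv);
    *out = p;
    return 0;
}

/* Slots a consumer walking nr_args entries would find unparsed (NULL). */
int unparsed_slots(const struct probe *p)
{
    int n = 0;
    for (int i = 0; i < p->nr_args; i++) n += (p->args[i].name == NULL);
    return n;
}

int main(void)
{
    const char *argv[130];                 /* constructed input: 130 args */
    for (int i = 0; i < 130; i++) argv[i] = "x";
    struct probe *p = probe_create_before(130, argv), *q = NULL;
    return !(p && unparsed_slots(p) == 2 && probe_create_after(130, argv, &q) == -E2BIG);
}
```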
