CVE-2024-50168

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 7, 2024
Updated: Nov 13, 2024
CWE ID 401

Summary

CVE-2024-50168 is a vulnerability affecting the Linux kernel. In the net/sun3_82586 module, the sun3_82586_send_packet() function was identified with a potential memory leak. Under certain conditions, the function returns NETDEV_TX_OK without freeing an skb (Socket Buffer) when its length is excessive. To address this issue, the developers added dev_kfree_skb() to properly release the memory and prevent potential memory exhaustion.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share