CVE-2024-50227

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 9, 2024
Updated: Nov 13, 2024
CWE ID 125

Summary

CVE-2024-50227 is a Linux kernel vulnerability that affected the thunderbolt driver. The issue was caused by a stack out-of-bounds read in the function tb_retimer_scan(). A KASAN report indicated that the read size was 4 bytes, and the data was being read from the address 0xfff88810111fc1c by the task kworker/u56:0/11. The root cause was a loop variable that was not properly initialized, causing the array to be read past its bounds. The vulnerability has been resolved by assigning the correct value to the loop variable directly in the loop body.
