CVE-2024-50228
CVSS 3.1 Score 7.0 of 10 (high)
Details
Summary
CVE-2024-50228 is a Linux kernel vulnerability in the shmem subsystem. A data race was found in shmem_getattr(), specifically in its call to generic_fillattr(). Because shmem_getattr() calls generic_fillattr() without any special protection, the call can run while read-locks are not held, which can lead to unexpected behavior. The Kernel Concurrency Sanitizer (KCSAN) reported the race during syzbot testing. The recommended mitigation is to protect the inode with inode_lock_shared() and inode_unlock_shared() around the generic_fillattr() call in shmem_getattr().
Affected Products
- Linux Kernel
Affected Vendors
- LINUX