CVE-2024-50252

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 9, 2024
Updated: Nov 14, 2024
CWE ID 401

Summary

CVE-2024-50252: A memory leak vulnerability has been identified and resolved in the Linux kernel's mlxsw spectrum IPv6 module. Changing the remote IPv6 address of an ip6gre net device did not properly update the device's hash table, resulting in a memory leak. The issue occurred due to the new address not being added and the old address not being removed. The vulnerability can be exploited by repeatedly changing the remote IPv6 address, causing a memory leak and potential system instability. The issue has been resolved by updating the Linux kernel to properly manage the device's IPv6 addresses.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share