CVE-2024-50254
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-50254 is a vulnerability in the Linux kernel's bpf subsystem. The issue lies in the inaccurate check in bpf_iter_bits_destroy(), which may lead to a kmemleak. This occurs due to the incorrect assumption that nr_bits will not be zero after iterating all the bits. To mitigate the issue, modify the check in bpf_iter_bits_next() to use "!nr_bits || bits >= nr_bits," set kit->bit to kit->nr_bits instead of zeroing kit->nr_bits, and change the type of kit->nr_bits to int. This patch addresses the potential overflow problem and ensures proper handling of dynamically allocated bits.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX