CVE-2024-50257
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-50257: A use-after-free vulnerability was discovered in the Linux kernel's netfilter component, specifically in the ip6table_nat module. The issue arises when module unload and get_info() execute concurrently. The root cause is a race condition: the xt_table module is being removed from the system while get_info() is still trying to access its reference count, resulting in a use-after-free condition. The vulnerability can lead to memory corruption, potentially allowing an attacker to execute arbitrary code or cause a denial-of-service condition. Users are advised to update their Linux kernel to a patched version as soon as possible to mitigate this risk.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX