CVE-2024-50274

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 19, 2024
Updated: Nov 27, 2024
CWE ID 416

Summary

CVE-2024-50274 is a Linux kernel vulnerability in the idpf driver that has been addressed. During device control plane removal or platform reboot, if a reset fails, the vport lock is released, and a subsequent attempt to access link settings may access a released vport pointer. To address this issue, link_speed_mbps has been moved to the netdev_priv structure, removing the dependency on the vport pointer and the vport lock in idpf_get_link_ksettings. Additionally, the fix uses netif_carrier_ok() to check the link status and adjusts the offsetof to use link_up instead of link_speed_mbps.
