CVE-2024-50274
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-50274 is a vulnerability impacting the Linux kernel that has been addressed. In the idpf driver, during device control plane removal or platform reboot, if a reset fails, the vport lock is released and attempts to access link settings may result in accessing a released vport pointer. To mitigate this issue, the link_speed_mbps has been moved to netdev_priv structure, removing the dependency on the vport pointer and the vport lock in idpf_get_link_ksettings. Additionally, netif_carrier_ok() is used to check the link status and adjust the offsetof to use link_up instead of link_speed_mbps.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX