CVE-2024-50281
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-50281 is a vulnerability affecting the Linux kernel. It is a NULL pointer dereference in the AES-GCM (AES in Galois/Counter Mode) crypto operation during key blob creation in the DCP (Data Co-Processor) driver. The issue arises because the seal and unseal calls can exit before the AES-GCM cipher operation has completed, by which point the buffer has already been removed from the stack, resulting in a NULL pointer dereference. To mitigate this vulnerability, the Linux kernel has been updated to wait for the AES-GCM cipher operation to finish before resuming the seal and unseal calls.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX