CVE-2024-50281

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 19, 2024
Updated: Nov 21, 2024
CWE ID 476

Summary

CVE-2024-50281 is a vulnerability affecting the Linux kernel. It involves a NULL dereference issue in the Advanced Encryption Standard-Authenticated Data (AES-GCM) crypto operation during key blob creation in the Data Control Panel (DCP) driver. The issue arises due to the system exiting before the AES-GCM cipher operation is completed, resulting in the buffer being removed from the stack and a NULL pointer dereference. To mitigate this vulnerability, the Linux kernel has been updated to wait for the AES-GCM cipher operation to finish before resuming seal and unseal calls.
