CVE-2024-50301
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-50301 is a vulnerability affecting the Linux kernel that involves an out-of-bounds read in the key_task_permission function. The issue arises when a shortcut key is mistakenly treated as a key*, leading to an out-of-bounds read. This can be triggered when a slot of the root node points to a shortcut. The vulnerability can be reproduced by adding more than 32 keys with similar hashes, some of which have the pattern '0xxxxxxxe6'. The kernel team has resolved this issue by modifying the code to correctly handle shortcuts in the root node.
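The type confusion described in the summary, as an added example that is not kernel code and not part of this advisory: a simplified C model of classifying a slot value before it is used as a key*. The 2-bit tag layout, the function names and the constructed slot values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, NOT kernel source. Assumed tag bits on a slot value: */
#define TAG_META    0x1u /* bit 0 set: internal pointer (node or shortcut)  */
#define TAG_SUBTYPE 0x2u /* bit 1: shortcut if meta; "is a keyring" if leaf */

enum slot_action { SKIP, VISIT_AS_KEY, DESCEND };

/* Flawed walk (hypothetical name): internal pointers are followed only
 * below the root, so in the root node a shortcut falls through to the
 * leaf test, where its set subtype bit makes it look like a key object. */
static enum slot_action classify_flawed(int node_is_root, uintptr_t slot)
{
    if ((slot & TAG_META) && !node_is_root)
        return DESCEND;
    return (slot & TAG_SUBTYPE) ? VISIT_AS_KEY : SKIP;
}

/* Corrected walk (hypothetical name): a shortcut is followed as a
 * shortcut in every node, root included; only leaves reach the key test. */
static enum slot_action classify_fixed(int node_is_root, uintptr_t slot)
{
    if (slot & TAG_META) {
        if (!node_is_root || (slot & TAG_SUBTYPE))
            return DESCEND;
        return SKIP; /* model assumption: a root-level node pointer is not followed here */
    }
    return (slot & TAG_SUBTYPE) ? VISIT_AS_KEY : SKIP;
}

int main(void)
{
    /* Constructed value: aligned address tagged as a shortcut. */
    uintptr_t root_shortcut = (uintptr_t)0x1000 | TAG_META | TAG_SUBTYPE;
    static const char *names[] = { "SKIP", "VISIT_AS_KEY", "DESCEND" };

    printf("flawed, root slot holds shortcut: %s\n",
           names[classify_flawed(1, root_shortcut)]);
    printf("fixed,  root slot holds shortcut: %s\n",
           names[classify_fixed(1, root_shortcut)]);
    return 0;
}
```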
Affected Products
- Linux Kernel
Affected Vendors
- LINUX