CVE-2024-50301

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 19, 2024
Updated: Nov 21, 2024
CWE ID 125

Summary

CVE-2024-50301 is a vulnerability in the Linux kernel involving an out-of-bounds read in the key_task_permission function. The issue arises when a shortcut key is mistakenly treated as a key*, leading to an out-of-bounds read. This can be triggered when a slot of the root node points to a shortcut. The vulnerability can be reproduced by adding more than 32 keys with similar hashes, some of which have the pattern '0xxxxxxxe6'. The kernel team has resolved this issue by modifying the code to correctly handle shortcuts in the root node.
