Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-1031
Vulnerability from certfr_avis - Published: 2024-11-29 - Updated: 2024-11-29
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian bookworm versions ant\u00e9rieures \u00e0 6.1.119-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50243"
},
{
"name": "CVE-2024-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53054"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-43868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43868"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-50286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50286"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50228"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53057"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50249"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50284"
},
{
"name": "CVE-2024-36915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36915"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50276"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50261"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-49986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49986"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-53082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53082"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-35964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35964"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-53081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53081"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50215"
},
{
"name": "CVE-2024-50235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50235"
},
{
"name": "CVE-2024-26952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26952"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2022-45888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45888"
},
{
"name": "CVE-2024-36244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36244"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53072"
},
{
"name": "CVE-2024-38553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38553"
},
{
"name": "CVE-2024-53043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53043"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-36923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36923"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36478"
},
{
"name": "CVE-2024-50271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50271"
},
{
"name": "CVE-2024-53070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53070"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-36914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36914"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-43904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43904"
},
{
"name": "CVE-2024-50126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50126"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-53060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53060"
},
{
"name": "CVE-2024-50250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50250"
},
{
"name": "CVE-2024-26954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26954"
},
{
"name": "CVE-2024-43911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43911"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-44949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44949"
},
{
"name": "CVE-2023-52812",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52812"
},
{
"name": "CVE-2024-50255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50255"
},
{
"name": "CVE-2024-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53093"
}
],
"initial_release_date": "2024-11-29T00:00:00",
"last_revision_date": "2024-11-29T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1031",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2024-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-5818-1",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00233.html"
}
]
}
CVE-2024-50243 (GCVE-0-2024-50243)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:14 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
fs/ntfs3: Fix general protection fault in run_is_mapped_full
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix general protection fault in run_is_mapped_full
Fixed deleating of a non-resident attribute in ntfs_create_inode()
rollback.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 509c1c6b499a4d9026b58c6e1c3a10ed8db1839f
(git)
Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 68b39c0765de7c97b34889c1f5e81c2a223fdacc (git) Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 8e87c9aa8cf92cfceaff0aab244318bbb8b35137 (git) Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < a33fb016e49e37aafab18dc3c8314d6399cb4727 (git) |
|
| Linux | Linux |
Affected:
5.15
Unaffected: 0 , < 5.15 (semver) Unaffected: 6.1.118 , ≤ 6.1.* (semver) Unaffected: 6.6.60 , ≤ 6.6.* (semver) Unaffected: 6.11.7 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:22.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ntfs3/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "509c1c6b499a4d9026b58c6e1c3a10ed8db1839f",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "68b39c0765de7c97b34889c1f5e81c2a223fdacc",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "8e87c9aa8cf92cfceaff0aab244318bbb8b35137",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "a33fb016e49e37aafab18dc3c8314d6399cb4727",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ntfs3/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.118",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.118",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix general protection fault in run_is_mapped_full\n\nFixed deleating of a non-resident attribute in ntfs_create_inode()\nrollback."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:16.964Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/509c1c6b499a4d9026b58c6e1c3a10ed8db1839f"
},
{
"url": "https://git.kernel.org/stable/c/68b39c0765de7c97b34889c1f5e81c2a223fdacc"
},
{
"url": "https://git.kernel.org/stable/c/8e87c9aa8cf92cfceaff0aab244318bbb8b35137"
},
{
"url": "https://git.kernel.org/stable/c/a33fb016e49e37aafab18dc3c8314d6399cb4727"
}
],
"title": "fs/ntfs3: Fix general protection fault in run_is_mapped_full",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50243",
"datePublished": "2024-11-09T10:14:52.866Z",
"dateReserved": "2024-10-21T19:36:19.977Z",
"dateUpdated": "2026-05-11T20:48:16.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50244 (GCVE-0-2024-50244)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:14 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
fs/ntfs3: Additional check in ni_clear()
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Additional check in ni_clear()
Checking of NTFS_FLAGS_LOG_REPLAYING added to prevent access to
uninitialized bitmap during replay process.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 60fb94ef46c2359dd06cbe30bfc2499f639433df
(git)
Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 14a23e15a5e8331bb0cf21288723fa530a45b2a4 (git) Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 7a4ace681dbb652aeb40e1b88f9134b880fdeeb5 (git) Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 80824967ec714dda02cd79091aa186bbc16c5cf3 (git) Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < d178944db36b3369b78a08ba520de109b89bf2a9 (git) |
|
| Linux | Linux |
Affected:
5.15
Unaffected: 0 , < 5.15 (semver) Unaffected: 5.15.171 , ≤ 5.15.* (semver) Unaffected: 6.1.116 , ≤ 6.1.* (semver) Unaffected: 6.6.60 , ≤ 6.6.* (semver) Unaffected: 6.11.7 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:16:05.889161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:26.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:24.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ntfs3/frecord.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "60fb94ef46c2359dd06cbe30bfc2499f639433df",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "14a23e15a5e8331bb0cf21288723fa530a45b2a4",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "7a4ace681dbb652aeb40e1b88f9134b880fdeeb5",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "80824967ec714dda02cd79091aa186bbc16c5cf3",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "d178944db36b3369b78a08ba520de109b89bf2a9",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ntfs3/frecord.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.171",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.116",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.171",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Additional check in ni_clear()\n\nChecking of NTFS_FLAGS_LOG_REPLAYING added to prevent access to\nuninitialized bitmap during replay process."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:18.126Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/60fb94ef46c2359dd06cbe30bfc2499f639433df"
},
{
"url": "https://git.kernel.org/stable/c/14a23e15a5e8331bb0cf21288723fa530a45b2a4"
},
{
"url": "https://git.kernel.org/stable/c/7a4ace681dbb652aeb40e1b88f9134b880fdeeb5"
},
{
"url": "https://git.kernel.org/stable/c/80824967ec714dda02cd79091aa186bbc16c5cf3"
},
{
"url": "https://git.kernel.org/stable/c/d178944db36b3369b78a08ba520de109b89bf2a9"
}
],
"title": "fs/ntfs3: Additional check in ni_clear()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50244",
"datePublished": "2024-11-09T10:14:53.567Z",
"dateReserved": "2024-10-21T19:36:19.978Z",
"dateUpdated": "2026-05-11T20:48:18.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50245 (GCVE-0-2024-50245)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:14 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
fs/ntfs3: Fix possible deadlock in mi_read
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix possible deadlock in mi_read
Mutex lock with another subclass used in ni_lock_dir().
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 47e8a17491e37df53743bc2e72309f8f0d6224af
(git)
Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < c8e7d3b72ee57e43d58ba560fe7970dd840a4061 (git) Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 34e3220efd666d49965a26840d39f27601ce70f4 (git) Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < f1bc362fe978952a9304bd0286788b0ae7724f14 (git) Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 03b097099eef255fbf85ea6a786ae3c91b11f041 (git) |
|
| Linux | Linux |
Affected:
5.15
Unaffected: 0 , < 5.15 (semver) Unaffected: 5.15.171 , ≤ 5.15.* (semver) Unaffected: 6.1.116 , ≤ 6.1.* (semver) Unaffected: 6.6.60 , ≤ 6.6.* (semver) Unaffected: 6.11.7 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:16:02.184393Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:26.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:25.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ntfs3/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "47e8a17491e37df53743bc2e72309f8f0d6224af",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "c8e7d3b72ee57e43d58ba560fe7970dd840a4061",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "34e3220efd666d49965a26840d39f27601ce70f4",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "f1bc362fe978952a9304bd0286788b0ae7724f14",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "03b097099eef255fbf85ea6a786ae3c91b11f041",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ntfs3/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.171",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.116",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.171",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix possible deadlock in mi_read\n\nMutex lock with another subclass used in ni_lock_dir()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:19.345Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/47e8a17491e37df53743bc2e72309f8f0d6224af"
},
{
"url": "https://git.kernel.org/stable/c/c8e7d3b72ee57e43d58ba560fe7970dd840a4061"
},
{
"url": "https://git.kernel.org/stable/c/34e3220efd666d49965a26840d39f27601ce70f4"
},
{
"url": "https://git.kernel.org/stable/c/f1bc362fe978952a9304bd0286788b0ae7724f14"
},
{
"url": "https://git.kernel.org/stable/c/03b097099eef255fbf85ea6a786ae3c91b11f041"
}
],
"title": "fs/ntfs3: Fix possible deadlock in mi_read",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50245",
"datePublished": "2024-11-09T10:14:54.403Z",
"dateReserved": "2024-10-21T19:36:19.978Z",
"dateUpdated": "2026-05-11T20:48:19.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50247 (GCVE-0-2024-50247)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:14 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
fs/ntfs3: Check if more than chunk-size bytes are written
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Check if more than chunk-size bytes are written
A incorrectly formatted chunk may decompress into
more than LZNT_CHUNK_SIZE bytes and a index out of bounds
will occur in s_max_off.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < e5ae7859008688626b4d2fa6139eeaa08e255053
(git)
Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 1b6bc5f7212181093b6c5310eea216fc09c721a9 (git) Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 5f21e3e60982cd7353998b4f59f052134fd47d64 (git) Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 4a4727bc582832f354e0d3d49838a401a28ae25e (git) Affected: 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e , < 9931122d04c6d431b2c11b5bb7b10f28584067f0 (git) |
|
| Linux | Linux |
Affected:
5.15
Unaffected: 0 , < 5.15 (semver) Unaffected: 5.15.171 , ≤ 5.15.* (semver) Unaffected: 6.1.116 , ≤ 6.1.* (semver) Unaffected: 6.6.60 , ≤ 6.6.* (semver) Unaffected: 6.11.7 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:15:58.403606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:25.362Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:27.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ntfs3/lznt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e5ae7859008688626b4d2fa6139eeaa08e255053",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "1b6bc5f7212181093b6c5310eea216fc09c721a9",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "5f21e3e60982cd7353998b4f59f052134fd47d64",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "4a4727bc582832f354e0d3d49838a401a28ae25e",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
},
{
"lessThan": "9931122d04c6d431b2c11b5bb7b10f28584067f0",
"status": "affected",
"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ntfs3/lznt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.171",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.116",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.171",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Check if more than chunk-size bytes are written\n\nA incorrectly formatted chunk may decompress into\nmore than LZNT_CHUNK_SIZE bytes and a index out of bounds\nwill occur in s_max_off."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:21.638Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e5ae7859008688626b4d2fa6139eeaa08e255053"
},
{
"url": "https://git.kernel.org/stable/c/1b6bc5f7212181093b6c5310eea216fc09c721a9"
},
{
"url": "https://git.kernel.org/stable/c/5f21e3e60982cd7353998b4f59f052134fd47d64"
},
{
"url": "https://git.kernel.org/stable/c/4a4727bc582832f354e0d3d49838a401a28ae25e"
},
{
"url": "https://git.kernel.org/stable/c/9931122d04c6d431b2c11b5bb7b10f28584067f0"
}
],
"title": "fs/ntfs3: Check if more than chunk-size bytes are written",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50247",
"datePublished": "2024-11-09T10:14:56.165Z",
"dateReserved": "2024-10-21T19:36:19.978Z",
"dateUpdated": "2026-05-11T20:48:21.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50249 (GCVE-0-2024-50249)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:14 – Updated: 2026-05-23 15:54
VLAI
EPSS
Title
ACPI: CPPC: Make rmw_lock a raw_spin_lock
Summary
In the Linux kernel, the following vulnerability has been resolved:
ACPI: CPPC: Make rmw_lock a raw_spin_lock
The following BUG was triggered:
=============================
[ BUG: Invalid wait context ]
6.12.0-rc2-XXX #406 Not tainted
-----------------------------
kworker/1:1/62 is trying to lock:
ffffff8801593030 (&cpc_ptr->rmw_lock){+.+.}-{3:3}, at: cpc_write+0xcc/0x370
other info that might help us debug this:
context-{5:5}
2 locks held by kworker/1:1/62:
#0: ffffff897ef5ec98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2c/0x50
#1: ffffff880154e238 (&sg_policy->update_lock){....}-{2:2}, at: sugov_update_shared+0x3c/0x280
stack backtrace:
CPU: 1 UID: 0 PID: 62 Comm: kworker/1:1 Not tainted 6.12.0-rc2-g9654bd3e8806 #406
Workqueue: 0x0 (events)
Call trace:
dump_backtrace+0xa4/0x130
show_stack+0x20/0x38
dump_stack_lvl+0x90/0xd0
dump_stack+0x18/0x28
__lock_acquire+0x480/0x1ad8
lock_acquire+0x114/0x310
_raw_spin_lock+0x50/0x70
cpc_write+0xcc/0x370
cppc_set_perf+0xa0/0x3a8
cppc_cpufreq_fast_switch+0x40/0xc0
cpufreq_driver_fast_switch+0x4c/0x218
sugov_update_shared+0x234/0x280
update_load_avg+0x6ec/0x7b8
dequeue_entities+0x108/0x830
dequeue_task_fair+0x58/0x408
__schedule+0x4f0/0x1070
schedule+0x54/0x130
worker_thread+0xc0/0x2e8
kthread+0x130/0x148
ret_from_fork+0x10/0x20
sugov_update_shared() locks a raw_spinlock while cpc_write() locks a
spinlock.
To have a correct wait-type order, update rmw_lock to a raw spinlock and
ensure that interrupts will be disabled on the CPU holding it.
[ rjw: Changelog edits ]
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
94e8c988468dafde1d2bfe0532a60a3117f6394b , < c46d6b02588000c27b7b869388c2c0278bd0d173
(git)
Affected: f812ca13a0d3e3aa418da36b66ca40df0d6f9e60 , < 23039b4aaf1e82e0feea1060834d4ec34262e453 (git) Affected: 8ad28208be7bbe748e90442c45963ddbef0fd1e2 , < 0eb2b767c42fac61ab23c4063eb456baa4c2c262 (git) Affected: 20cde05aa8bcd7a5ff36a609d813189b7cdbe692 , < 43b1df48d1e7000a214acd1a81b8012ca8a929c8 (git) Affected: 60949b7b805424f21326b450ca4f1806c06d982e , < 1c10941e34c5fdc0357e46a25bd130d9cf40b925 (git) Affected: 82cee12ada68dfd438c7faca152dbfe042868743 (git) Affected: 6.10.13 , < 6.11 (semver) |
|
| Linux | Linux |
Affected:
5.15.168 , < 5.15.171
(semver)
Affected: 6.1.113 , < 6.1.116 (semver) Affected: 6.6.54 , < 6.6.60 (semver) Affected: 6.11.2 , < 6.11.7 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:15:54.957362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:25.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:28.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/acpi/cppc_acpi.c",
"include/acpi/cppc_acpi.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c46d6b02588000c27b7b869388c2c0278bd0d173",
"status": "affected",
"version": "94e8c988468dafde1d2bfe0532a60a3117f6394b",
"versionType": "git"
},
{
"lessThan": "23039b4aaf1e82e0feea1060834d4ec34262e453",
"status": "affected",
"version": "f812ca13a0d3e3aa418da36b66ca40df0d6f9e60",
"versionType": "git"
},
{
"lessThan": "0eb2b767c42fac61ab23c4063eb456baa4c2c262",
"status": "affected",
"version": "8ad28208be7bbe748e90442c45963ddbef0fd1e2",
"versionType": "git"
},
{
"lessThan": "43b1df48d1e7000a214acd1a81b8012ca8a929c8",
"status": "affected",
"version": "20cde05aa8bcd7a5ff36a609d813189b7cdbe692",
"versionType": "git"
},
{
"lessThan": "1c10941e34c5fdc0357e46a25bd130d9cf40b925",
"status": "affected",
"version": "60949b7b805424f21326b450ca4f1806c06d982e",
"versionType": "git"
},
{
"status": "affected",
"version": "82cee12ada68dfd438c7faca152dbfe042868743",
"versionType": "git"
},
{
"lessThan": "6.11",
"status": "affected",
"version": "6.10.13",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/acpi/cppc_acpi.c",
"include/acpi/cppc_acpi.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.15.171",
"status": "affected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThan": "6.1.116",
"status": "affected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThan": "6.6.60",
"status": "affected",
"version": "6.6.54",
"versionType": "semver"
},
{
"lessThan": "6.11.7",
"status": "affected",
"version": "6.11.2",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.171",
"versionStartIncluding": "5.15.168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "6.1.113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "6.6.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "6.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Make rmw_lock a raw_spin_lock\n\nThe following BUG was triggered:\n\n=============================\n[ BUG: Invalid wait context ]\n6.12.0-rc2-XXX #406 Not tainted\n-----------------------------\nkworker/1:1/62 is trying to lock:\nffffff8801593030 (\u0026cpc_ptr-\u003ermw_lock){+.+.}-{3:3}, at: cpc_write+0xcc/0x370\nother info that might help us debug this:\ncontext-{5:5}\n2 locks held by kworker/1:1/62:\n #0: ffffff897ef5ec98 (\u0026rq-\u003e__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2c/0x50\n #1: ffffff880154e238 (\u0026sg_policy-\u003eupdate_lock){....}-{2:2}, at: sugov_update_shared+0x3c/0x280\nstack backtrace:\nCPU: 1 UID: 0 PID: 62 Comm: kworker/1:1 Not tainted 6.12.0-rc2-g9654bd3e8806 #406\nWorkqueue: 0x0 (events)\nCall trace:\n dump_backtrace+0xa4/0x130\n show_stack+0x20/0x38\n dump_stack_lvl+0x90/0xd0\n dump_stack+0x18/0x28\n __lock_acquire+0x480/0x1ad8\n lock_acquire+0x114/0x310\n _raw_spin_lock+0x50/0x70\n cpc_write+0xcc/0x370\n cppc_set_perf+0xa0/0x3a8\n cppc_cpufreq_fast_switch+0x40/0xc0\n cpufreq_driver_fast_switch+0x4c/0x218\n sugov_update_shared+0x234/0x280\n update_load_avg+0x6ec/0x7b8\n dequeue_entities+0x108/0x830\n dequeue_task_fair+0x58/0x408\n __schedule+0x4f0/0x1070\n schedule+0x54/0x130\n worker_thread+0xc0/0x2e8\n kthread+0x130/0x148\n ret_from_fork+0x10/0x20\n\nsugov_update_shared() locks a raw_spinlock while cpc_write() locks a\nspinlock.\n\nTo have a correct wait-type order, update rmw_lock to a raw spinlock and\nensure that interrupts will be disabled on the CPU holding it.\n\n[ rjw: Changelog edits ]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:54:52.293Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c46d6b02588000c27b7b869388c2c0278bd0d173"
},
{
"url": "https://git.kernel.org/stable/c/23039b4aaf1e82e0feea1060834d4ec34262e453"
},
{
"url": "https://git.kernel.org/stable/c/0eb2b767c42fac61ab23c4063eb456baa4c2c262"
},
{
"url": "https://git.kernel.org/stable/c/43b1df48d1e7000a214acd1a81b8012ca8a929c8"
},
{
"url": "https://git.kernel.org/stable/c/1c10941e34c5fdc0357e46a25bd130d9cf40b925"
}
],
"title": "ACPI: CPPC: Make rmw_lock a raw_spin_lock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50249",
"datePublished": "2024-11-09T10:14:57.833Z",
"dateReserved": "2024-10-21T19:36:19.979Z",
"dateUpdated": "2026-05-23T15:54:52.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50250 (GCVE-0-2024-50250)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:14 – Updated: 2026-05-23 15:54
VLAI
EPSS
Title
fsdax: dax_unshare_iter needs to copy entire blocks
Summary
In the Linux kernel, the following vulnerability has been resolved:
fsdax: dax_unshare_iter needs to copy entire blocks
The code that copies data from srcmap to iomap in dax_unshare_iter is
very very broken, which bfoster's recent fsx changes have exposed.
If the pos and len passed to dax_file_unshare are not aligned to an
fsblock boundary, the iter pos and length in the _iter function will
reflect this unalignment.
dax_iomap_direct_access always returns a pointer to the start of the
kmapped fsdax page, even if its pos argument is in the middle of that
page. This is catastrophic for data integrity when iter->pos is not
aligned to a page, because daddr/saddr do not point to the same byte in
the file as iter->pos. Hence we corrupt user data by copying it to the
wrong place.
If iter->pos + iomap_length() in the _iter function not aligned to a
page, then we fail to copy a full block, and only partially populate the
destination block. This is catastrophic for data confidentiality
because we expose stale pmem contents.
Fix both of these issues by aligning copy_pos/copy_len to a page
boundary (remember, this is fsdax so 1 fsblock == 1 base page) so that
we always copy full blocks.
We're not done yet -- there's no call to invalidate_inode_pages2_range,
so programs that have the file range mmap'd will continue accessing the
old memory mapping after the file metadata updates have completed.
Be careful with the return value -- if the unshare succeeds, we still
need to return the number of bytes that the iomap iter thinks we're
operating on.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1bec6782a25c9b92c203ea7a1b3e3dc6a468cbc4 , < bdbc96c23197d773a7d1bf03e4f11de593b0ff28
(git)
Affected: d984648e428bf88cbd94ebe346c73632cb92fffb , < 9bc18bb476e50e32e5d08f2734d63d63e0fa528c (git) Affected: d984648e428bf88cbd94ebe346c73632cb92fffb , < 8e9c0f500b42216ef930f5c0d1703989a451913d (git) Affected: d984648e428bf88cbd94ebe346c73632cb92fffb , < 50793801fc7f6d08def48754fb0f0706b0cfc394 (git) Affected: 6.1.113 , < 6.1.116 (semver) |
|
| Linux | Linux |
Affected:
6.2
Unaffected: 0 , < 6.2 (semver) Unaffected: 6.1.116 , ≤ 6.1.* (semver) Unaffected: 6.6.60 , ≤ 6.6.* (semver) Unaffected: 6.11.7 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:15:51.723590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:25.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:30.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/dax.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bdbc96c23197d773a7d1bf03e4f11de593b0ff28",
"status": "affected",
"version": "1bec6782a25c9b92c203ea7a1b3e3dc6a468cbc4",
"versionType": "git"
},
{
"lessThan": "9bc18bb476e50e32e5d08f2734d63d63e0fa528c",
"status": "affected",
"version": "d984648e428bf88cbd94ebe346c73632cb92fffb",
"versionType": "git"
},
{
"lessThan": "8e9c0f500b42216ef930f5c0d1703989a451913d",
"status": "affected",
"version": "d984648e428bf88cbd94ebe346c73632cb92fffb",
"versionType": "git"
},
{
"lessThan": "50793801fc7f6d08def48754fb0f0706b0cfc394",
"status": "affected",
"version": "d984648e428bf88cbd94ebe346c73632cb92fffb",
"versionType": "git"
},
{
"lessThan": "6.1.116",
"status": "affected",
"version": "6.1.113",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/dax.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.116",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "6.1.113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsdax: dax_unshare_iter needs to copy entire blocks\n\nThe code that copies data from srcmap to iomap in dax_unshare_iter is\nvery very broken, which bfoster\u0027s recent fsx changes have exposed.\n\nIf the pos and len passed to dax_file_unshare are not aligned to an\nfsblock boundary, the iter pos and length in the _iter function will\nreflect this unalignment.\n\ndax_iomap_direct_access always returns a pointer to the start of the\nkmapped fsdax page, even if its pos argument is in the middle of that\npage. This is catastrophic for data integrity when iter-\u003epos is not\naligned to a page, because daddr/saddr do not point to the same byte in\nthe file as iter-\u003epos. Hence we corrupt user data by copying it to the\nwrong place.\n\nIf iter-\u003epos + iomap_length() in the _iter function not aligned to a\npage, then we fail to copy a full block, and only partially populate the\ndestination block. This is catastrophic for data confidentiality\nbecause we expose stale pmem contents.\n\nFix both of these issues by aligning copy_pos/copy_len to a page\nboundary (remember, this is fsdax so 1 fsblock == 1 base page) so that\nwe always copy full blocks.\n\nWe\u0027re not done yet -- there\u0027s no call to invalidate_inode_pages2_range,\nso programs that have the file range mmap\u0027d will continue accessing the\nold memory mapping after the file metadata updates have completed.\n\nBe careful with the return value -- if the unshare succeeds, we still\nneed to return the number of bytes that the iomap iter thinks we\u0027re\noperating on."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:54:53.355Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bdbc96c23197d773a7d1bf03e4f11de593b0ff28"
},
{
"url": "https://git.kernel.org/stable/c/9bc18bb476e50e32e5d08f2734d63d63e0fa528c"
},
{
"url": "https://git.kernel.org/stable/c/8e9c0f500b42216ef930f5c0d1703989a451913d"
},
{
"url": "https://git.kernel.org/stable/c/50793801fc7f6d08def48754fb0f0706b0cfc394"
}
],
"title": "fsdax: dax_unshare_iter needs to copy entire blocks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50250",
"datePublished": "2024-11-09T10:14:59.003Z",
"dateReserved": "2024-10-21T19:36:19.979Z",
"dateUpdated": "2026-05-23T15:54:53.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50251 (GCVE-0-2024-50251)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:14 – Updated: 2026-05-12 12:00
VLAI
EPSS
Title
netfilter: nft_payload: sanitize offset and length before calling skb_checksum()
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_payload: sanitize offset and length before calling skb_checksum()
If access to offset + length is larger than the skbuff length, then
skb_checksum() triggers BUG_ON().
skb_checksum() internally subtracts the length parameter while iterating
over skbuff, BUG_ON(len) at the end of it checks that the expected
length to be included in the checksum calculation is fully consumed.
Severity
No CVSS data available.
Assigner
References
14 references
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < a661ed364ae6ae88c2fafa9ddc27df1af2a73701
(git)
Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534 (git) Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < e3e608cbad376674d19a71ccd0d41804d9393f02 (git) Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < b1d2de8a669fa14c499a385e056944d5352b3b40 (git) Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < d3217323525f7596427124359e76ea0d8fcc9874 (git) Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < 0ab3be58b45b996764aba0187b46de19b3e58a72 (git) Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < c43e0ea848e7b9bef7a682cbc5608022d6d29d7b (git) Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < d5953d680f7e96208c29ce4139a0e38de87a57fe (git) |
|
| Linux | Linux |
Affected:
4.5
Unaffected: 0 , < 4.5 (semver) Unaffected: 4.19.323 , ≤ 4.19.* (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.229 , ≤ 5.10.* (semver) Unaffected: 5.15.171 , ≤ 5.15.* (semver) Unaffected: 6.1.116 , ≤ 6.1.* (semver) Unaffected: 6.6.60 , ≤ 6.6.* (semver) Unaffected: 6.11.7 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V3.2
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Affected:
0 , < V3.2
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Affected:
0 , < V3.2
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:31.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/slavin-ayu/CVE-2024-50251-PoC"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:00:38.265Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_payload.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a661ed364ae6ae88c2fafa9ddc27df1af2a73701",
"status": "affected",
"version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
"versionType": "git"
},
{
"lessThan": "ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534",
"status": "affected",
"version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
"versionType": "git"
},
{
"lessThan": "e3e608cbad376674d19a71ccd0d41804d9393f02",
"status": "affected",
"version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
"versionType": "git"
},
{
"lessThan": "b1d2de8a669fa14c499a385e056944d5352b3b40",
"status": "affected",
"version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
"versionType": "git"
},
{
"lessThan": "d3217323525f7596427124359e76ea0d8fcc9874",
"status": "affected",
"version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
"versionType": "git"
},
{
"lessThan": "0ab3be58b45b996764aba0187b46de19b3e58a72",
"status": "affected",
"version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
"versionType": "git"
},
{
"lessThan": "c43e0ea848e7b9bef7a682cbc5608022d6d29d7b",
"status": "affected",
"version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
"versionType": "git"
},
{
"lessThan": "d5953d680f7e96208c29ce4139a0e38de87a57fe",
"status": "affected",
"version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_payload.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.171",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.116",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.229",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.171",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:28.958Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a661ed364ae6ae88c2fafa9ddc27df1af2a73701"
},
{
"url": "https://git.kernel.org/stable/c/ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534"
},
{
"url": "https://git.kernel.org/stable/c/e3e608cbad376674d19a71ccd0d41804d9393f02"
},
{
"url": "https://git.kernel.org/stable/c/b1d2de8a669fa14c499a385e056944d5352b3b40"
},
{
"url": "https://git.kernel.org/stable/c/d3217323525f7596427124359e76ea0d8fcc9874"
},
{
"url": "https://git.kernel.org/stable/c/0ab3be58b45b996764aba0187b46de19b3e58a72"
},
{
"url": "https://git.kernel.org/stable/c/c43e0ea848e7b9bef7a682cbc5608022d6d29d7b"
},
{
"url": "https://git.kernel.org/stable/c/d5953d680f7e96208c29ce4139a0e38de87a57fe"
}
],
"title": "netfilter: nft_payload: sanitize offset and length before calling skb_checksum()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50251",
"datePublished": "2024-11-09T10:14:59.820Z",
"dateReserved": "2024-10-21T19:36:19.979Z",
"dateUpdated": "2026-05-12T12:00:38.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50252 (GCVE-0-2024-50252)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:15 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address
Summary
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address
The device stores IPv6 addresses that are used for encapsulation in
linear memory that is managed by the driver.
Changing the remote address of an ip6gre net device never worked
properly, but since cited commit the following reproducer [1] would
result in a warning [2] and a memory leak [3]. The problem is that the
new remote address is never added by the driver to its hash table (and
therefore the device) and the old address is never removed from it.
Fix by programming the new address when the configuration of the ip6gre
net device changes and removing the old one. If the address did not
change, then the above would result in increasing the reference count of
the address and then decreasing it.
[1]
# ip link add name bla up type ip6gre local 2001:db8:1::1 remote 2001:db8:2::1 tos inherit ttl inherit
# ip link set dev bla type ip6gre remote 2001:db8:3::1
# ip link del dev bla
# devlink dev reload pci/0000:01:00.0
[2]
WARNING: CPU: 0 PID: 1682 at drivers/net/ethernet/mellanox/mlxsw/spectrum.c:3002 mlxsw_sp_ipv6_addr_put+0x140/0x1d0
Modules linked in:
CPU: 0 UID: 0 PID: 1682 Comm: ip Not tainted 6.12.0-rc3-custom-g86b5b55bc835 #151
Hardware name: Nvidia SN5600/VMOD0013, BIOS 5.13 05/31/2023
RIP: 0010:mlxsw_sp_ipv6_addr_put+0x140/0x1d0
[...]
Call Trace:
<TASK>
mlxsw_sp_router_netdevice_event+0x55f/0x1240
notifier_call_chain+0x5a/0xd0
call_netdevice_notifiers_info+0x39/0x90
unregister_netdevice_many_notify+0x63e/0x9d0
rtnl_dellink+0x16b/0x3a0
rtnetlink_rcv_msg+0x142/0x3f0
netlink_rcv_skb+0x50/0x100
netlink_unicast+0x242/0x390
netlink_sendmsg+0x1de/0x420
____sys_sendmsg+0x2bd/0x320
___sys_sendmsg+0x9a/0xe0
__sys_sendmsg+0x7a/0xd0
do_syscall_64+0x9e/0x1a0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
[3]
unreferenced object 0xffff898081f597a0 (size 32):
comm "ip", pid 1626, jiffies 4294719324
hex dump (first 32 bytes):
20 01 0d b8 00 02 00 00 00 00 00 00 00 00 00 01 ...............
21 49 61 83 80 89 ff ff 00 00 00 00 01 00 00 00 !Ia.............
backtrace (crc fd9be911):
[<00000000df89c55d>] __kmalloc_cache_noprof+0x1da/0x260
[<00000000ff2a1ddb>] mlxsw_sp_ipv6_addr_kvdl_index_get+0x281/0x340
[<000000009ddd445d>] mlxsw_sp_router_netdevice_event+0x47b/0x1240
[<00000000743e7757>] notifier_call_chain+0x5a/0xd0
[<000000007c7b9e13>] call_netdevice_notifiers_info+0x39/0x90
[<000000002509645d>] register_netdevice+0x5f7/0x7a0
[<00000000c2e7d2a9>] ip6gre_newlink_common.isra.0+0x65/0x130
[<0000000087cd6d8d>] ip6gre_newlink+0x72/0x120
[<000000004df7c7cc>] rtnl_newlink+0x471/0xa20
[<0000000057ed632a>] rtnetlink_rcv_msg+0x142/0x3f0
[<0000000032e0d5b5>] netlink_rcv_skb+0x50/0x100
[<00000000908bca63>] netlink_unicast+0x242/0x390
[<00000000cdbe1c87>] netlink_sendmsg+0x1de/0x420
[<0000000011db153e>] ____sys_sendmsg+0x2bd/0x320
[<000000003b6d53eb>] ___sys_sendmsg+0x9a/0xe0
[<00000000cae27c62>] __sys_sendmsg+0x7a/0xd0
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
cf42911523e02026cb56d329e584ae5923e94ba1 , < d8f298eb6659eb6a38e26b79e77de4449dc6e61b
(git)
Affected: cf42911523e02026cb56d329e584ae5923e94ba1 , < 31384aa2ad05c29c7745000f321154f42de24d1a (git) Affected: cf42911523e02026cb56d329e584ae5923e94ba1 , < c1bbdbe07f0bc3bc9f87efe4672d67208c6d6942 (git) Affected: cf42911523e02026cb56d329e584ae5923e94ba1 , < 12ae97c531fcd3bfd774d4dfeaeac23eafe24280 (git) |
|
| Linux | Linux |
Affected:
5.17
Unaffected: 0 , < 5.17 (semver) Unaffected: 6.1.116 , ≤ 6.1.* (semver) Unaffected: 6.6.60 , ≤ 6.6.* (semver) Unaffected: 6.11.7 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50252",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:15:48.404342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:24.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:33.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_ipip.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d8f298eb6659eb6a38e26b79e77de4449dc6e61b",
"status": "affected",
"version": "cf42911523e02026cb56d329e584ae5923e94ba1",
"versionType": "git"
},
{
"lessThan": "31384aa2ad05c29c7745000f321154f42de24d1a",
"status": "affected",
"version": "cf42911523e02026cb56d329e584ae5923e94ba1",
"versionType": "git"
},
{
"lessThan": "c1bbdbe07f0bc3bc9f87efe4672d67208c6d6942",
"status": "affected",
"version": "cf42911523e02026cb56d329e584ae5923e94ba1",
"versionType": "git"
},
{
"lessThan": "12ae97c531fcd3bfd774d4dfeaeac23eafe24280",
"status": "affected",
"version": "cf42911523e02026cb56d329e584ae5923e94ba1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_ipip.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.116",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address\n\nThe device stores IPv6 addresses that are used for encapsulation in\nlinear memory that is managed by the driver.\n\nChanging the remote address of an ip6gre net device never worked\nproperly, but since cited commit the following reproducer [1] would\nresult in a warning [2] and a memory leak [3]. The problem is that the\nnew remote address is never added by the driver to its hash table (and\ntherefore the device) and the old address is never removed from it.\n\nFix by programming the new address when the configuration of the ip6gre\nnet device changes and removing the old one. If the address did not\nchange, then the above would result in increasing the reference count of\nthe address and then decreasing it.\n\n[1]\n # ip link add name bla up type ip6gre local 2001:db8:1::1 remote 2001:db8:2::1 tos inherit ttl inherit\n # ip link set dev bla type ip6gre remote 2001:db8:3::1\n # ip link del dev bla\n # devlink dev reload pci/0000:01:00.0\n\n[2]\nWARNING: CPU: 0 PID: 1682 at drivers/net/ethernet/mellanox/mlxsw/spectrum.c:3002 mlxsw_sp_ipv6_addr_put+0x140/0x1d0\nModules linked in:\nCPU: 0 UID: 0 PID: 1682 Comm: ip Not tainted 6.12.0-rc3-custom-g86b5b55bc835 #151\nHardware name: Nvidia SN5600/VMOD0013, BIOS 5.13 05/31/2023\nRIP: 0010:mlxsw_sp_ipv6_addr_put+0x140/0x1d0\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_router_netdevice_event+0x55f/0x1240\n notifier_call_chain+0x5a/0xd0\n call_netdevice_notifiers_info+0x39/0x90\n unregister_netdevice_many_notify+0x63e/0x9d0\n rtnl_dellink+0x16b/0x3a0\n rtnetlink_rcv_msg+0x142/0x3f0\n netlink_rcv_skb+0x50/0x100\n netlink_unicast+0x242/0x390\n netlink_sendmsg+0x1de/0x420\n ____sys_sendmsg+0x2bd/0x320\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xd0\n do_syscall_64+0x9e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[3]\nunreferenced object 0xffff898081f597a0 (size 32):\n comm \"ip\", pid 1626, jiffies 4294719324\n hex dump (first 32 bytes):\n 20 01 0d b8 00 02 00 00 00 00 00 00 00 00 00 01 ...............\n 21 49 61 83 80 89 ff ff 00 00 00 00 01 00 00 00 !Ia.............\n backtrace (crc fd9be911):\n [\u003c00000000df89c55d\u003e] __kmalloc_cache_noprof+0x1da/0x260\n [\u003c00000000ff2a1ddb\u003e] mlxsw_sp_ipv6_addr_kvdl_index_get+0x281/0x340\n [\u003c000000009ddd445d\u003e] mlxsw_sp_router_netdevice_event+0x47b/0x1240\n [\u003c00000000743e7757\u003e] notifier_call_chain+0x5a/0xd0\n [\u003c000000007c7b9e13\u003e] call_netdevice_notifiers_info+0x39/0x90\n [\u003c000000002509645d\u003e] register_netdevice+0x5f7/0x7a0\n [\u003c00000000c2e7d2a9\u003e] ip6gre_newlink_common.isra.0+0x65/0x130\n [\u003c0000000087cd6d8d\u003e] ip6gre_newlink+0x72/0x120\n [\u003c000000004df7c7cc\u003e] rtnl_newlink+0x471/0xa20\n [\u003c0000000057ed632a\u003e] rtnetlink_rcv_msg+0x142/0x3f0\n [\u003c0000000032e0d5b5\u003e] netlink_rcv_skb+0x50/0x100\n [\u003c00000000908bca63\u003e] netlink_unicast+0x242/0x390\n [\u003c00000000cdbe1c87\u003e] netlink_sendmsg+0x1de/0x420\n [\u003c0000000011db153e\u003e] ____sys_sendmsg+0x2bd/0x320\n [\u003c000000003b6d53eb\u003e] ___sys_sendmsg+0x9a/0xe0\n [\u003c00000000cae27c62\u003e] __sys_sendmsg+0x7a/0xd0"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:31.577Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d8f298eb6659eb6a38e26b79e77de4449dc6e61b"
},
{
"url": "https://git.kernel.org/stable/c/31384aa2ad05c29c7745000f321154f42de24d1a"
},
{
"url": "https://git.kernel.org/stable/c/c1bbdbe07f0bc3bc9f87efe4672d67208c6d6942"
},
{
"url": "https://git.kernel.org/stable/c/12ae97c531fcd3bfd774d4dfeaeac23eafe24280"
}
],
"title": "mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50252",
"datePublished": "2024-11-09T10:15:00.949Z",
"dateReserved": "2024-10-21T19:36:19.979Z",
"dateUpdated": "2026-05-11T20:48:31.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50255 (GCVE-0-2024-50255)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:15 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs
Fix __hci_cmd_sync_sk() to return not NULL for unknown opcodes.
__hci_cmd_sync_sk() returns NULL if a command returns a status event.
However, it also returns NULL where an opcode doesn't exist in the
hci_cc table because hci_cmd_complete_evt() assumes status = skb->data[0]
for unknown opcodes.
This leads to null-ptr-deref in cmd_sync for HCI_OP_READ_LOCAL_CODECS as
there is no hci_cc for HCI_OP_READ_LOCAL_CODECS, which always assumes
status = skb->data[0].
KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
CPU: 1 PID: 2000 Comm: kworker/u9:5 Not tainted 6.9.0-ga6bcb805883c-dirty #10
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Workqueue: hci7 hci_power_on
RIP: 0010:hci_read_supported_codecs+0xb9/0x870 net/bluetooth/hci_codec.c:138
Code: 08 48 89 ef e8 b8 c1 8f fd 48 8b 75 00 e9 96 00 00 00 49 89 c6 48 ba 00 00 00 00 00 fc ff df 4c 8d 60 70 4c 89 e3 48 c1 eb 03 <0f> b6 04 13 84 c0 0f 85 82 06 00 00 41 83 3c 24 02 77 0a e8 bf 78
RSP: 0018:ffff888120bafac8 EFLAGS: 00010212
RAX: 0000000000000000 RBX: 000000000000000e RCX: ffff8881173f0040
RDX: dffffc0000000000 RSI: ffffffffa58496c0 RDI: ffff88810b9ad1e4
RBP: ffff88810b9ac000 R08: ffffffffa77882a7 R09: 1ffffffff4ef1054
R10: dffffc0000000000 R11: fffffbfff4ef1055 R12: 0000000000000070
R13: 0000000000000000 R14: 0000000000000000 R15: ffff88810b9ac000
FS: 0000000000000000(0000) GS:ffff8881f6c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6ddaa3439e CR3: 0000000139764003 CR4: 0000000000770ef0
PKRU: 55555554
Call Trace:
<TASK>
hci_read_local_codecs_sync net/bluetooth/hci_sync.c:4546 [inline]
hci_init_stage_sync net/bluetooth/hci_sync.c:3441 [inline]
hci_init4_sync net/bluetooth/hci_sync.c:4706 [inline]
hci_init_sync net/bluetooth/hci_sync.c:4742 [inline]
hci_dev_init_sync net/bluetooth/hci_sync.c:4912 [inline]
hci_dev_open_sync+0x19a9/0x2d30 net/bluetooth/hci_sync.c:4994
hci_dev_do_open net/bluetooth/hci_core.c:483 [inline]
hci_power_on+0x11e/0x560 net/bluetooth/hci_core.c:1015
process_one_work kernel/workqueue.c:3267 [inline]
process_scheduled_works+0x8ef/0x14f0 kernel/workqueue.c:3348
worker_thread+0x91f/0xe50 kernel/workqueue.c:3429
kthread+0x2cb/0x360 kernel/kthread.c:388
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
abfeea476c68afea54c9c050a2d3b19d5d2ee873 , < 5d9054b9f769a8e124c4fa02072437c864726baf
(git)
Affected: abfeea476c68afea54c9c050a2d3b19d5d2ee873 , < 1f1764466c33a4466363b821a25cd65c46a5a793 (git) Affected: abfeea476c68afea54c9c050a2d3b19d5d2ee873 , < 48d7c24b7ef6417c68f206566364db1f8087bb23 (git) Affected: abfeea476c68afea54c9c050a2d3b19d5d2ee873 , < 1e67d8641813f1876a42eeb4f532487b8a7fb0a8 (git) |
|
| Linux | Linux |
Affected:
5.17
Unaffected: 0 , < 5.17 (semver) Unaffected: 6.1.116 , ≤ 6.1.* (semver) Unaffected: 6.6.60 , ≤ 6.6.* (semver) Unaffected: 6.11.7 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:15:37.345416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:24.569Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:34.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_sync.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5d9054b9f769a8e124c4fa02072437c864726baf",
"status": "affected",
"version": "abfeea476c68afea54c9c050a2d3b19d5d2ee873",
"versionType": "git"
},
{
"lessThan": "1f1764466c33a4466363b821a25cd65c46a5a793",
"status": "affected",
"version": "abfeea476c68afea54c9c050a2d3b19d5d2ee873",
"versionType": "git"
},
{
"lessThan": "48d7c24b7ef6417c68f206566364db1f8087bb23",
"status": "affected",
"version": "abfeea476c68afea54c9c050a2d3b19d5d2ee873",
"versionType": "git"
},
{
"lessThan": "1e67d8641813f1876a42eeb4f532487b8a7fb0a8",
"status": "affected",
"version": "abfeea476c68afea54c9c050a2d3b19d5d2ee873",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_sync.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.116",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs\n\nFix __hci_cmd_sync_sk() to return not NULL for unknown opcodes.\n\n__hci_cmd_sync_sk() returns NULL if a command returns a status event.\nHowever, it also returns NULL where an opcode doesn\u0027t exist in the\nhci_cc table because hci_cmd_complete_evt() assumes status = skb-\u003edata[0]\nfor unknown opcodes.\nThis leads to null-ptr-deref in cmd_sync for HCI_OP_READ_LOCAL_CODECS as\nthere is no hci_cc for HCI_OP_READ_LOCAL_CODECS, which always assumes\nstatus = skb-\u003edata[0].\n\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 1 PID: 2000 Comm: kworker/u9:5 Not tainted 6.9.0-ga6bcb805883c-dirty #10\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci7 hci_power_on\nRIP: 0010:hci_read_supported_codecs+0xb9/0x870 net/bluetooth/hci_codec.c:138\nCode: 08 48 89 ef e8 b8 c1 8f fd 48 8b 75 00 e9 96 00 00 00 49 89 c6 48 ba 00 00 00 00 00 fc ff df 4c 8d 60 70 4c 89 e3 48 c1 eb 03 \u003c0f\u003e b6 04 13 84 c0 0f 85 82 06 00 00 41 83 3c 24 02 77 0a e8 bf 78\nRSP: 0018:ffff888120bafac8 EFLAGS: 00010212\nRAX: 0000000000000000 RBX: 000000000000000e RCX: ffff8881173f0040\nRDX: dffffc0000000000 RSI: ffffffffa58496c0 RDI: ffff88810b9ad1e4\nRBP: ffff88810b9ac000 R08: ffffffffa77882a7 R09: 1ffffffff4ef1054\nR10: dffffc0000000000 R11: fffffbfff4ef1055 R12: 0000000000000070\nR13: 0000000000000000 R14: 0000000000000000 R15: ffff88810b9ac000\nFS: 0000000000000000(0000) GS:ffff8881f6c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f6ddaa3439e CR3: 0000000139764003 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n hci_read_local_codecs_sync net/bluetooth/hci_sync.c:4546 [inline]\n hci_init_stage_sync net/bluetooth/hci_sync.c:3441 [inline]\n hci_init4_sync net/bluetooth/hci_sync.c:4706 [inline]\n hci_init_sync net/bluetooth/hci_sync.c:4742 [inline]\n hci_dev_init_sync net/bluetooth/hci_sync.c:4912 [inline]\n hci_dev_open_sync+0x19a9/0x2d30 net/bluetooth/hci_sync.c:4994\n hci_dev_do_open net/bluetooth/hci_core.c:483 [inline]\n hci_power_on+0x11e/0x560 net/bluetooth/hci_core.c:1015\n process_one_work kernel/workqueue.c:3267 [inline]\n process_scheduled_works+0x8ef/0x14f0 kernel/workqueue.c:3348\n worker_thread+0x91f/0xe50 kernel/workqueue.c:3429\n kthread+0x2cb/0x360 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:34.942Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5d9054b9f769a8e124c4fa02072437c864726baf"
},
{
"url": "https://git.kernel.org/stable/c/1f1764466c33a4466363b821a25cd65c46a5a793"
},
{
"url": "https://git.kernel.org/stable/c/48d7c24b7ef6417c68f206566364db1f8087bb23"
},
{
"url": "https://git.kernel.org/stable/c/1e67d8641813f1876a42eeb4f532487b8a7fb0a8"
}
],
"title": "Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50255",
"datePublished": "2024-11-09T10:15:08.658Z",
"dateReserved": "2024-10-21T19:36:19.980Z",
"dateUpdated": "2026-05-11T20:48:34.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50256 (GCVE-0-2024-50256)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:15 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
I got a syzbot report without a repro [1] crashing in nf_send_reset6()
I think the issue is that dev->hard_header_len is zero, and we attempt
later to push an Ethernet header.
Use LL_MAX_HEADER, as other functions in net/ipv6/netfilter/nf_reject_ipv6.c.
[1]
skbuff: skb_under_panic: text:ffffffff89b1d008 len:74 put:14 head:ffff88803123aa00 data:ffff88803123a9f2 tail:0x3c end:0x140 dev:syz_tun
kernel BUG at net/core/skbuff.c:206 !
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 7373 Comm: syz.1.568 Not tainted 6.12.0-rc2-syzkaller-00631-g6d858708d465 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:skb_panic net/core/skbuff.c:206 [inline]
RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216
Code: 0d 8d 48 c7 c6 60 a6 29 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 ba 30 38 02 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3
RSP: 0018:ffffc900045269b0 EFLAGS: 00010282
RAX: 0000000000000088 RBX: dffffc0000000000 RCX: cd66dacdc5d8e800
RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000
RBP: ffff88802d39a3d0 R08: ffffffff8174afec R09: 1ffff920008a4ccc
R10: dffffc0000000000 R11: fffff520008a4ccd R12: 0000000000000140
R13: ffff88803123aa00 R14: ffff88803123a9f2 R15: 000000000000003c
FS: 00007fdbee5ff6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000005d322000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
skb_push+0xe5/0x100 net/core/skbuff.c:2636
eth_header+0x38/0x1f0 net/ethernet/eth.c:83
dev_hard_header include/linux/netdevice.h:3208 [inline]
nf_send_reset6+0xce6/0x1270 net/ipv6/netfilter/nf_reject_ipv6.c:358
nft_reject_inet_eval+0x3b9/0x690 net/netfilter/nft_reject_inet.c:48
expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]
nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288
nft_do_chain_inet+0x418/0x6b0 net/netfilter/nft_chain_filter.c:161
nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626
nf_hook include/linux/netfilter.h:269 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
br_nf_pre_routing_ipv6+0x63e/0x770 net/bridge/br_netfilter_ipv6.c:184
nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
br_handle_frame+0x9fd/0x1530 net/bridge/br_input.c:424
__netif_receive_skb_core+0x13e8/0x4570 net/core/dev.c:5562
__netif_receive_skb_one_core net/core/dev.c:5666 [inline]
__netif_receive_skb+0x12f/0x650 net/core/dev.c:5781
netif_receive_skb_internal net/core/dev.c:5867 [inline]
netif_receive_skb+0x1e8/0x890 net/core/dev.c:5926
tun_rx_batched+0x1b7/0x8f0 drivers/net/tun.c:1550
tun_get_user+0x3056/0x47e0 drivers/net/tun.c:2007
tun_chr_write_iter+0x10d/0x1f0 drivers/net/tun.c:2053
new_sync_write fs/read_write.c:590 [inline]
vfs_write+0xa6d/0xc90 fs/read_write.c:683
ksys_write+0x183/0x2b0 fs/read_write.c:736
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdbeeb7d1ff
Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
RSP: 002b:00007fdbee5ff000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fdbeed36058 RCX: 00007fdbeeb7d1ff
RDX: 000000000000008e RSI: 0000000020000040 RDI: 00000000000000c8
RBP: 00007fdbeebf12be R08: 0000000
---truncated---
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
c8d7b98bec43faaa6583c3135030be5eb4693acb , < 4f7b586aae53c2ed820661803da8ce18b1361921
(git)
Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < fef63832317d9d24e1214cdd8f204d02ebdf8499 (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < f85b057e34419e5ec0583a65078a11ccc1d4540a (git) Affected: c8d7b98bec43faaa6583c3135030be5eb4693acb , < 4ed234fe793f27a3b151c43d2106df2ff0d81aac (git) |
|
| Linux | Linux |
Affected:
3.18
Unaffected: 0 , < 3.18 (semver) Unaffected: 6.1.116 , ≤ 6.1.* (semver) Unaffected: 6.6.60 , ≤ 6.6.* (semver) Unaffected: 6.11.7 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:15:33.931486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:24.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:36.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/netfilter/nf_reject_ipv6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4f7b586aae53c2ed820661803da8ce18b1361921",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "fef63832317d9d24e1214cdd8f204d02ebdf8499",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "f85b057e34419e5ec0583a65078a11ccc1d4540a",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
},
{
"lessThan": "4ed234fe793f27a3b151c43d2106df2ff0d81aac",
"status": "affected",
"version": "c8d7b98bec43faaa6583c3135030be5eb4693acb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/netfilter/nf_reject_ipv6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.116",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()\n\nI got a syzbot report without a repro [1] crashing in nf_send_reset6()\n\nI think the issue is that dev-\u003ehard_header_len is zero, and we attempt\nlater to push an Ethernet header.\n\nUse LL_MAX_HEADER, as other functions in net/ipv6/netfilter/nf_reject_ipv6.c.\n\n[1]\n\nskbuff: skb_under_panic: text:ffffffff89b1d008 len:74 put:14 head:ffff88803123aa00 data:ffff88803123a9f2 tail:0x3c end:0x140 dev:syz_tun\n kernel BUG at net/core/skbuff.c:206 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 7373 Comm: syz.1.568 Not tainted 6.12.0-rc2-syzkaller-00631-g6d858708d465 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:skb_panic net/core/skbuff.c:206 [inline]\n RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216\nCode: 0d 8d 48 c7 c6 60 a6 29 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 ba 30 38 02 48 83 c4 20 90 \u003c0f\u003e 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3\nRSP: 0018:ffffc900045269b0 EFLAGS: 00010282\nRAX: 0000000000000088 RBX: dffffc0000000000 RCX: cd66dacdc5d8e800\nRDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000\nRBP: ffff88802d39a3d0 R08: ffffffff8174afec R09: 1ffff920008a4ccc\nR10: dffffc0000000000 R11: fffff520008a4ccd R12: 0000000000000140\nR13: ffff88803123aa00 R14: ffff88803123a9f2 R15: 000000000000003c\nFS: 00007fdbee5ff6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 000000005d322000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_push+0xe5/0x100 net/core/skbuff.c:2636\n eth_header+0x38/0x1f0 net/ethernet/eth.c:83\n dev_hard_header include/linux/netdevice.h:3208 [inline]\n nf_send_reset6+0xce6/0x1270 net/ipv6/netfilter/nf_reject_ipv6.c:358\n nft_reject_inet_eval+0x3b9/0x690 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x418/0x6b0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n br_nf_pre_routing_ipv6+0x63e/0x770 net/bridge/br_netfilter_ipv6.c:184\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]\n br_handle_frame+0x9fd/0x1530 net/bridge/br_input.c:424\n __netif_receive_skb_core+0x13e8/0x4570 net/core/dev.c:5562\n __netif_receive_skb_one_core net/core/dev.c:5666 [inline]\n __netif_receive_skb+0x12f/0x650 net/core/dev.c:5781\n netif_receive_skb_internal net/core/dev.c:5867 [inline]\n netif_receive_skb+0x1e8/0x890 net/core/dev.c:5926\n tun_rx_batched+0x1b7/0x8f0 drivers/net/tun.c:1550\n tun_get_user+0x3056/0x47e0 drivers/net/tun.c:2007\n tun_chr_write_iter+0x10d/0x1f0 drivers/net/tun.c:2053\n new_sync_write fs/read_write.c:590 [inline]\n vfs_write+0xa6d/0xc90 fs/read_write.c:683\n ksys_write+0x183/0x2b0 fs/read_write.c:736\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fdbeeb7d1ff\nCode: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48\nRSP: 002b:00007fdbee5ff000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00007fdbeed36058 RCX: 00007fdbeeb7d1ff\nRDX: 000000000000008e RSI: 0000000020000040 RDI: 00000000000000c8\nRBP: 00007fdbeebf12be R08: 0000000\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:36.108Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4f7b586aae53c2ed820661803da8ce18b1361921"
},
{
"url": "https://git.kernel.org/stable/c/fef63832317d9d24e1214cdd8f204d02ebdf8499"
},
{
"url": "https://git.kernel.org/stable/c/f85b057e34419e5ec0583a65078a11ccc1d4540a"
},
{
"url": "https://git.kernel.org/stable/c/4ed234fe793f27a3b151c43d2106df2ff0d81aac"
}
],
"title": "netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50256",
"datePublished": "2024-11-09T10:15:09.551Z",
"dateReserved": "2024-10-21T19:36:19.980Z",
"dateUpdated": "2026-05-11T20:48:36.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…