Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-1031
Vulnerability from certfr_avis - Published: 2024-11-29 - Updated: 2024-11-29
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian bookworm versions ant\u00e9rieures \u00e0 6.1.119-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50243"
},
{
"name": "CVE-2024-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53054"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-43868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43868"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-50286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50286"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50228"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53057"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50249"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50284"
},
{
"name": "CVE-2024-36915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36915"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50276"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50261"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-49986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49986"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-53082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53082"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-35964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35964"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-53081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53081"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50215"
},
{
"name": "CVE-2024-50235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50235"
},
{
"name": "CVE-2024-26952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26952"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2022-45888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45888"
},
{
"name": "CVE-2024-36244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36244"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53072"
},
{
"name": "CVE-2024-38553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38553"
},
{
"name": "CVE-2024-53043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53043"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-36923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36923"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36478"
},
{
"name": "CVE-2024-50271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50271"
},
{
"name": "CVE-2024-53070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53070"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-36914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36914"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-43904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43904"
},
{
"name": "CVE-2024-50126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50126"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-53060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53060"
},
{
"name": "CVE-2024-50250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50250"
},
{
"name": "CVE-2024-26954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26954"
},
{
"name": "CVE-2024-43911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43911"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-44949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44949"
},
{
"name": "CVE-2023-52812",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52812"
},
{
"name": "CVE-2024-50255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50255"
},
{
"name": "CVE-2024-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53093"
}
],
"initial_release_date": "2024-11-29T00:00:00",
"last_revision_date": "2024-11-29T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1031",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2024-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-5818-1",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00233.html"
}
]
}
CVE-2024-50257 (GCVE-0-2024-50257)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:15 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
netfilter: Fix use-after-free in get_info()
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: Fix use-after-free in get_info()
ip6table_nat module unload has refcnt warning for UAF. call trace is:
WARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 module_put+0x6f/0x80
Modules linked in: ip6table_nat(-)
CPU: 1 UID: 0 PID: 379 Comm: ip6tables Not tainted 6.12.0-rc4-00047-gc2ee9f594da8-dirty #205
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:module_put+0x6f/0x80
Call Trace:
<TASK>
get_info+0x128/0x180
do_ip6t_get_ctl+0x6a/0x430
nf_getsockopt+0x46/0x80
ipv6_getsockopt+0xb9/0x100
rawv6_getsockopt+0x42/0x190
do_sock_getsockopt+0xaa/0x180
__sys_getsockopt+0x70/0xc0
__x64_sys_getsockopt+0x20/0x30
do_syscall_64+0xa2/0x1a0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Concurrent execution of module unload and get_info() trigered the warning.
The root cause is as follows:
cpu0 cpu1
module_exit
//mod->state = MODULE_STATE_GOING
ip6table_nat_exit
xt_unregister_template
kfree(t)
//removed from templ_list
getinfo()
t = xt_find_table_lock
list_for_each_entry(tmpl, &xt_templates[af]...)
if (strcmp(tmpl->name, name))
continue; //table not found
try_module_get
list_for_each_entry(t, &xt_net->tables[af]...)
return t; //not get refcnt
module_put(t->me) //uaf
unregister_pernet_subsys
//remove table from xt_net list
While xt_table module was going away and has been removed from
xt_templates list, we couldnt get refcnt of xt_table->me. Check
module in xt_net->tables list re-traversal to fix it.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
fdacd57c79b79a03c7ca88f706ad9fb7b46831c1 , < ba22ea01348384df19cc1fabc7964be6e7189749
(git)
Affected: fdacd57c79b79a03c7ca88f706ad9fb7b46831c1 , < cb7c388b5967946f097afdb759b7c860305f2d96 (git) Affected: fdacd57c79b79a03c7ca88f706ad9fb7b46831c1 , < 6a1f088f9807f5166f58902d26246d0b88da03a8 (git) Affected: fdacd57c79b79a03c7ca88f706ad9fb7b46831c1 , < bab3bb35c03b263c486833d50d50c081d9e9832b (git) Affected: fdacd57c79b79a03c7ca88f706ad9fb7b46831c1 , < f48d258f0ac540f00fa617dac496c4c18b5dc2fa (git) |
|
| Linux | Linux |
Affected:
5.15
Unaffected: 0 , < 5.15 (semver) Unaffected: 5.15.171 , ≤ 5.15.* (semver) Unaffected: 6.1.116 , ≤ 6.1.* (semver) Unaffected: 6.6.60 , ≤ 6.6.* (semver) Unaffected: 6.11.7 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T14:25:40.458302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T14:58:32.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:37.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/x_tables.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ba22ea01348384df19cc1fabc7964be6e7189749",
"status": "affected",
"version": "fdacd57c79b79a03c7ca88f706ad9fb7b46831c1",
"versionType": "git"
},
{
"lessThan": "cb7c388b5967946f097afdb759b7c860305f2d96",
"status": "affected",
"version": "fdacd57c79b79a03c7ca88f706ad9fb7b46831c1",
"versionType": "git"
},
{
"lessThan": "6a1f088f9807f5166f58902d26246d0b88da03a8",
"status": "affected",
"version": "fdacd57c79b79a03c7ca88f706ad9fb7b46831c1",
"versionType": "git"
},
{
"lessThan": "bab3bb35c03b263c486833d50d50c081d9e9832b",
"status": "affected",
"version": "fdacd57c79b79a03c7ca88f706ad9fb7b46831c1",
"versionType": "git"
},
{
"lessThan": "f48d258f0ac540f00fa617dac496c4c18b5dc2fa",
"status": "affected",
"version": "fdacd57c79b79a03c7ca88f706ad9fb7b46831c1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/x_tables.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.171",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.116",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.171",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: Fix use-after-free in get_info()\n\nip6table_nat module unload has refcnt warning for UAF. call trace is:\n\nWARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 module_put+0x6f/0x80\nModules linked in: ip6table_nat(-)\nCPU: 1 UID: 0 PID: 379 Comm: ip6tables Not tainted 6.12.0-rc4-00047-gc2ee9f594da8-dirty #205\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:module_put+0x6f/0x80\nCall Trace:\n \u003cTASK\u003e\n get_info+0x128/0x180\n do_ip6t_get_ctl+0x6a/0x430\n nf_getsockopt+0x46/0x80\n ipv6_getsockopt+0xb9/0x100\n rawv6_getsockopt+0x42/0x190\n do_sock_getsockopt+0xaa/0x180\n __sys_getsockopt+0x70/0xc0\n __x64_sys_getsockopt+0x20/0x30\n do_syscall_64+0xa2/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nConcurrent execution of module unload and get_info() trigered the warning.\nThe root cause is as follows:\n\ncpu0\t\t\t\t cpu1\nmodule_exit\n//mod-\u003estate = MODULE_STATE_GOING\n ip6table_nat_exit\n xt_unregister_template\n\tkfree(t)\n\t//removed from templ_list\n\t\t\t\t getinfo()\n\t\t\t\t\t t = xt_find_table_lock\n\t\t\t\t\t\tlist_for_each_entry(tmpl, \u0026xt_templates[af]...)\n\t\t\t\t\t\t\tif (strcmp(tmpl-\u003ename, name))\n\t\t\t\t\t\t\t\tcontinue; //table not found\n\t\t\t\t\t\t\ttry_module_get\n\t\t\t\t\t\tlist_for_each_entry(t, \u0026xt_net-\u003etables[af]...)\n\t\t\t\t\t\t\treturn t; //not get refcnt\n\t\t\t\t\t module_put(t-\u003eme) //uaf\n unregister_pernet_subsys\n //remove table from xt_net list\n\nWhile xt_table module was going away and has been removed from\nxt_templates list, we couldnt get refcnt of xt_table-\u003eme. Check\nmodule in xt_net-\u003etables list re-traversal to fix it."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:37.257Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ba22ea01348384df19cc1fabc7964be6e7189749"
},
{
"url": "https://git.kernel.org/stable/c/cb7c388b5967946f097afdb759b7c860305f2d96"
},
{
"url": "https://git.kernel.org/stable/c/6a1f088f9807f5166f58902d26246d0b88da03a8"
},
{
"url": "https://git.kernel.org/stable/c/bab3bb35c03b263c486833d50d50c081d9e9832b"
},
{
"url": "https://git.kernel.org/stable/c/f48d258f0ac540f00fa617dac496c4c18b5dc2fa"
}
],
"title": "netfilter: Fix use-after-free in get_info()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50257",
"datePublished": "2024-11-09T10:15:10.373Z",
"dateReserved": "2024-10-21T19:36:19.980Z",
"dateUpdated": "2026-05-11T20:48:37.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50259 (GCVE-0-2024-50259)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:15 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()
Summary
In the Linux kernel, the following vulnerability has been resolved:
netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()
This was found by a static analyzer.
We should not forget the trailing zero after copy_from_user()
if we will further do some string operations, sscanf() in this
case. Adding a trailing zero will ensure that the function
performs properly.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
c6385c0b67c527b298111775bc89a7407ba1581e , < c2150f666c6fc301d5d1643ed0f92251f1a0ff0d
(git)
Affected: c6385c0b67c527b298111775bc89a7407ba1581e , < bcba86e03b3aac361ea671672cf48eed11f9011c (git) Affected: c6385c0b67c527b298111775bc89a7407ba1581e , < 6a604877160fe5ab2e1985d5ce1ba6a61abe0693 (git) Affected: c6385c0b67c527b298111775bc89a7407ba1581e , < 27bd7a742e171362c9eb52ad5d1d71d3321f949f (git) Affected: c6385c0b67c527b298111775bc89a7407ba1581e , < 4ce1f56a1eaced2523329bef800d004e30f2f76c (git) |
|
| Linux | Linux |
Affected:
5.13
Unaffected: 0 , < 5.13 (semver) Unaffected: 5.15.171 , ≤ 5.15.* (semver) Unaffected: 6.1.116 , ≤ 6.1.* (semver) Unaffected: 6.6.60 , ≤ 6.6.* (semver) Unaffected: 6.11.7 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:15:29.343925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:24.244Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:39.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/netdevsim/fib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c2150f666c6fc301d5d1643ed0f92251f1a0ff0d",
"status": "affected",
"version": "c6385c0b67c527b298111775bc89a7407ba1581e",
"versionType": "git"
},
{
"lessThan": "bcba86e03b3aac361ea671672cf48eed11f9011c",
"status": "affected",
"version": "c6385c0b67c527b298111775bc89a7407ba1581e",
"versionType": "git"
},
{
"lessThan": "6a604877160fe5ab2e1985d5ce1ba6a61abe0693",
"status": "affected",
"version": "c6385c0b67c527b298111775bc89a7407ba1581e",
"versionType": "git"
},
{
"lessThan": "27bd7a742e171362c9eb52ad5d1d71d3321f949f",
"status": "affected",
"version": "c6385c0b67c527b298111775bc89a7407ba1581e",
"versionType": "git"
},
{
"lessThan": "4ce1f56a1eaced2523329bef800d004e30f2f76c",
"status": "affected",
"version": "c6385c0b67c527b298111775bc89a7407ba1581e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/netdevsim/fib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.171",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.116",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.171",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()\n\nThis was found by a static analyzer.\nWe should not forget the trailing zero after copy_from_user()\nif we will further do some string operations, sscanf() in this\ncase. Adding a trailing zero will ensure that the function\nperforms properly."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:39.553Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c2150f666c6fc301d5d1643ed0f92251f1a0ff0d"
},
{
"url": "https://git.kernel.org/stable/c/bcba86e03b3aac361ea671672cf48eed11f9011c"
},
{
"url": "https://git.kernel.org/stable/c/6a604877160fe5ab2e1985d5ce1ba6a61abe0693"
},
{
"url": "https://git.kernel.org/stable/c/27bd7a742e171362c9eb52ad5d1d71d3321f949f"
},
{
"url": "https://git.kernel.org/stable/c/4ce1f56a1eaced2523329bef800d004e30f2f76c"
}
],
"title": "netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50259",
"datePublished": "2024-11-09T10:15:12.251Z",
"dateReserved": "2024-10-21T19:36:19.981Z",
"dateUpdated": "2026-05-11T20:48:39.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50261 (GCVE-0-2024-50261)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:15 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
macsec: Fix use-after-free while sending the offloading packet
Summary
In the Linux kernel, the following vulnerability has been resolved:
macsec: Fix use-after-free while sending the offloading packet
KASAN reports the following UAF. The metadata_dst, which is used to
store the SCI value for macsec offload, is already freed by
metadata_dst_free() in macsec_free_netdev(), while driver still use it
for sending the packet.
To fix this issue, dst_release() is used instead to release
metadata_dst. So it is not freed instantly in macsec_free_netdev() if
still referenced by skb.
BUG: KASAN: slab-use-after-free in mlx5e_xmit+0x1e8f/0x4190 [mlx5_core]
Read of size 2 at addr ffff88813e42e038 by task kworker/7:2/714
[...]
Workqueue: mld mld_ifc_work
Call Trace:
<TASK>
dump_stack_lvl+0x51/0x60
print_report+0xc1/0x600
kasan_report+0xab/0xe0
mlx5e_xmit+0x1e8f/0x4190 [mlx5_core]
dev_hard_start_xmit+0x120/0x530
sch_direct_xmit+0x149/0x11e0
__qdisc_run+0x3ad/0x1730
__dev_queue_xmit+0x1196/0x2ed0
vlan_dev_hard_start_xmit+0x32e/0x510 [8021q]
dev_hard_start_xmit+0x120/0x530
__dev_queue_xmit+0x14a7/0x2ed0
macsec_start_xmit+0x13e9/0x2340
dev_hard_start_xmit+0x120/0x530
__dev_queue_xmit+0x14a7/0x2ed0
ip6_finish_output2+0x923/0x1a70
ip6_finish_output+0x2d7/0x970
ip6_output+0x1ce/0x3a0
NF_HOOK.constprop.0+0x15f/0x190
mld_sendpack+0x59a/0xbd0
mld_ifc_work+0x48a/0xa80
process_one_work+0x5aa/0xe50
worker_thread+0x79c/0x1290
kthread+0x28f/0x350
ret_from_fork+0x2d/0x70
ret_from_fork_asm+0x11/0x20
</TASK>
Allocated by task 3922:
kasan_save_stack+0x20/0x40
kasan_save_track+0x10/0x30
__kasan_kmalloc+0x77/0x90
__kmalloc_noprof+0x188/0x400
metadata_dst_alloc+0x1f/0x4e0
macsec_newlink+0x914/0x1410
__rtnl_newlink+0xe08/0x15b0
rtnl_newlink+0x5f/0x90
rtnetlink_rcv_msg+0x667/0xa80
netlink_rcv_skb+0x12c/0x360
netlink_unicast+0x551/0x770
netlink_sendmsg+0x72d/0xbd0
__sock_sendmsg+0xc5/0x190
____sys_sendmsg+0x52e/0x6a0
___sys_sendmsg+0xeb/0x170
__sys_sendmsg+0xb5/0x140
do_syscall_64+0x4c/0x100
entry_SYSCALL_64_after_hwframe+0x4b/0x53
Freed by task 4011:
kasan_save_stack+0x20/0x40
kasan_save_track+0x10/0x30
kasan_save_free_info+0x37/0x50
poison_slab_object+0x10c/0x190
__kasan_slab_free+0x11/0x30
kfree+0xe0/0x290
macsec_free_netdev+0x3f/0x140
netdev_run_todo+0x450/0xc70
rtnetlink_rcv_msg+0x66f/0xa80
netlink_rcv_skb+0x12c/0x360
netlink_unicast+0x551/0x770
netlink_sendmsg+0x72d/0xbd0
__sock_sendmsg+0xc5/0x190
____sys_sendmsg+0x52e/0x6a0
___sys_sendmsg+0xeb/0x170
__sys_sendmsg+0xb5/0x140
do_syscall_64+0x4c/0x100
entry_SYSCALL_64_after_hwframe+0x4b/0x53
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
0a28bfd4971fd570d1f3e4653b21415becefc92c , < 872932cf75cf859804370a265dd58118129386fa
(git)
Affected: 0a28bfd4971fd570d1f3e4653b21415becefc92c , < 9f5ae743dbe9a2458540a7d35fff0f990df025cf (git) Affected: 0a28bfd4971fd570d1f3e4653b21415becefc92c , < 4614640f1d5c93c22272117dc256e9940ccac8e8 (git) Affected: 0a28bfd4971fd570d1f3e4653b21415becefc92c , < f1e54d11b210b53d418ff1476c6b58a2f434dfc0 (git) |
|
| Linux | Linux |
Affected:
6.1
Unaffected: 0 , < 6.1 (semver) Unaffected: 6.1.116 , ≤ 6.1.* (semver) Unaffected: 6.6.60 , ≤ 6.6.* (semver) Unaffected: 6.11.7 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T14:25:36.484321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T14:58:32.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:40.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/macsec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "872932cf75cf859804370a265dd58118129386fa",
"status": "affected",
"version": "0a28bfd4971fd570d1f3e4653b21415becefc92c",
"versionType": "git"
},
{
"lessThan": "9f5ae743dbe9a2458540a7d35fff0f990df025cf",
"status": "affected",
"version": "0a28bfd4971fd570d1f3e4653b21415becefc92c",
"versionType": "git"
},
{
"lessThan": "4614640f1d5c93c22272117dc256e9940ccac8e8",
"status": "affected",
"version": "0a28bfd4971fd570d1f3e4653b21415becefc92c",
"versionType": "git"
},
{
"lessThan": "f1e54d11b210b53d418ff1476c6b58a2f434dfc0",
"status": "affected",
"version": "0a28bfd4971fd570d1f3e4653b21415becefc92c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/macsec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.116",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacsec: Fix use-after-free while sending the offloading packet\n\nKASAN reports the following UAF. The metadata_dst, which is used to\nstore the SCI value for macsec offload, is already freed by\nmetadata_dst_free() in macsec_free_netdev(), while driver still use it\nfor sending the packet.\n\nTo fix this issue, dst_release() is used instead to release\nmetadata_dst. So it is not freed instantly in macsec_free_netdev() if\nstill referenced by skb.\n\n BUG: KASAN: slab-use-after-free in mlx5e_xmit+0x1e8f/0x4190 [mlx5_core]\n Read of size 2 at addr ffff88813e42e038 by task kworker/7:2/714\n [...]\n Workqueue: mld mld_ifc_work\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x51/0x60\n print_report+0xc1/0x600\n kasan_report+0xab/0xe0\n mlx5e_xmit+0x1e8f/0x4190 [mlx5_core]\n dev_hard_start_xmit+0x120/0x530\n sch_direct_xmit+0x149/0x11e0\n __qdisc_run+0x3ad/0x1730\n __dev_queue_xmit+0x1196/0x2ed0\n vlan_dev_hard_start_xmit+0x32e/0x510 [8021q]\n dev_hard_start_xmit+0x120/0x530\n __dev_queue_xmit+0x14a7/0x2ed0\n macsec_start_xmit+0x13e9/0x2340\n dev_hard_start_xmit+0x120/0x530\n __dev_queue_xmit+0x14a7/0x2ed0\n ip6_finish_output2+0x923/0x1a70\n ip6_finish_output+0x2d7/0x970\n ip6_output+0x1ce/0x3a0\n NF_HOOK.constprop.0+0x15f/0x190\n mld_sendpack+0x59a/0xbd0\n mld_ifc_work+0x48a/0xa80\n process_one_work+0x5aa/0xe50\n worker_thread+0x79c/0x1290\n kthread+0x28f/0x350\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\n Allocated by task 3922:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0x77/0x90\n __kmalloc_noprof+0x188/0x400\n metadata_dst_alloc+0x1f/0x4e0\n macsec_newlink+0x914/0x1410\n __rtnl_newlink+0xe08/0x15b0\n rtnl_newlink+0x5f/0x90\n rtnetlink_rcv_msg+0x667/0xa80\n netlink_rcv_skb+0x12c/0x360\n netlink_unicast+0x551/0x770\n netlink_sendmsg+0x72d/0xbd0\n __sock_sendmsg+0xc5/0x190\n ____sys_sendmsg+0x52e/0x6a0\n ___sys_sendmsg+0xeb/0x170\n __sys_sendmsg+0xb5/0x140\n do_syscall_64+0x4c/0x100\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n Freed by task 4011:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x50\n poison_slab_object+0x10c/0x190\n __kasan_slab_free+0x11/0x30\n kfree+0xe0/0x290\n macsec_free_netdev+0x3f/0x140\n netdev_run_todo+0x450/0xc70\n rtnetlink_rcv_msg+0x66f/0xa80\n netlink_rcv_skb+0x12c/0x360\n netlink_unicast+0x551/0x770\n netlink_sendmsg+0x72d/0xbd0\n __sock_sendmsg+0xc5/0x190\n ____sys_sendmsg+0x52e/0x6a0\n ___sys_sendmsg+0xeb/0x170\n __sys_sendmsg+0xb5/0x140\n do_syscall_64+0x4c/0x100\n entry_SYSCALL_64_after_hwframe+0x4b/0x53"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:41.812Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/872932cf75cf859804370a265dd58118129386fa"
},
{
"url": "https://git.kernel.org/stable/c/9f5ae743dbe9a2458540a7d35fff0f990df025cf"
},
{
"url": "https://git.kernel.org/stable/c/4614640f1d5c93c22272117dc256e9940ccac8e8"
},
{
"url": "https://git.kernel.org/stable/c/f1e54d11b210b53d418ff1476c6b58a2f434dfc0"
}
],
"title": "macsec: Fix use-after-free while sending the offloading packet",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50261",
"datePublished": "2024-11-09T10:15:14.259Z",
"dateReserved": "2024-10-21T19:36:19.981Z",
"dateUpdated": "2026-05-11T20:48:41.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50262 (GCVE-0-2024-50262)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:17 – Updated: 2026-05-12 12:00
VLAI
EPSS
Title
bpf: Fix out-of-bounds write in trie_get_next_key()
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix out-of-bounds write in trie_get_next_key()
trie_get_next_key() allocates a node stack with size trie->max_prefixlen,
while it writes (trie->max_prefixlen + 1) nodes to the stack when it has
full paths from the root to leaves. For example, consider a trie with
max_prefixlen is 8, and the nodes with key 0x00/0, 0x00/1, 0x00/2, ...
0x00/8 inserted. Subsequent calls to trie_get_next_key with _key with
.prefixlen = 8 make 9 nodes be written on the node stack with size 8.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
13 references
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
b471f2f1de8b816f1e799b80aa92588f3566e4bd , < e8494ac079814a53fbc2258d2743e720907488ed
(git)
Affected: b471f2f1de8b816f1e799b80aa92588f3566e4bd , < 91afbc0eb3c90258ae378ae3c6ead3d2371e926d (git) Affected: b471f2f1de8b816f1e799b80aa92588f3566e4bd , < 590976f921723d53ac199c01d5b7b73a94875e68 (git) Affected: b471f2f1de8b816f1e799b80aa92588f3566e4bd , < 86c8ebe02d8806dd8878d0063e8e185622ab6ea6 (git) Affected: b471f2f1de8b816f1e799b80aa92588f3566e4bd , < a035df0b98df424559fd383e8e1a268f422ea2ba (git) Affected: b471f2f1de8b816f1e799b80aa92588f3566e4bd , < 90a6e0e1e151ef7a9282e78f54c3091de2dcc99c (git) Affected: b471f2f1de8b816f1e799b80aa92588f3566e4bd , < c4b4f9a9ab82238cb158fa4fe61a8c0ae21a4980 (git) Affected: b471f2f1de8b816f1e799b80aa92588f3566e4bd , < 13400ac8fb80c57c2bfb12ebd35ee121ce9b4d21 (git) |
|
| Linux | Linux |
Affected:
4.16
Unaffected: 0 , < 4.16 (semver) Unaffected: 4.19.323 , ≤ 4.19.* (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.229 , ≤ 5.10.* (semver) Unaffected: 5.15.171 , ≤ 5.15.* (semver) Unaffected: 6.1.116 , ≤ 6.1.* (semver) Unaffected: 6.6.60 , ≤ 6.6.* (semver) Unaffected: 6.11.7 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V3.2
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Affected:
0 , < V3.2
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Affected:
0 , < V3.2
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50262",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T15:09:18.664200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T15:18:34.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:42.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:00:45.652Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/lpm_trie.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e8494ac079814a53fbc2258d2743e720907488ed",
"status": "affected",
"version": "b471f2f1de8b816f1e799b80aa92588f3566e4bd",
"versionType": "git"
},
{
"lessThan": "91afbc0eb3c90258ae378ae3c6ead3d2371e926d",
"status": "affected",
"version": "b471f2f1de8b816f1e799b80aa92588f3566e4bd",
"versionType": "git"
},
{
"lessThan": "590976f921723d53ac199c01d5b7b73a94875e68",
"status": "affected",
"version": "b471f2f1de8b816f1e799b80aa92588f3566e4bd",
"versionType": "git"
},
{
"lessThan": "86c8ebe02d8806dd8878d0063e8e185622ab6ea6",
"status": "affected",
"version": "b471f2f1de8b816f1e799b80aa92588f3566e4bd",
"versionType": "git"
},
{
"lessThan": "a035df0b98df424559fd383e8e1a268f422ea2ba",
"status": "affected",
"version": "b471f2f1de8b816f1e799b80aa92588f3566e4bd",
"versionType": "git"
},
{
"lessThan": "90a6e0e1e151ef7a9282e78f54c3091de2dcc99c",
"status": "affected",
"version": "b471f2f1de8b816f1e799b80aa92588f3566e4bd",
"versionType": "git"
},
{
"lessThan": "c4b4f9a9ab82238cb158fa4fe61a8c0ae21a4980",
"status": "affected",
"version": "b471f2f1de8b816f1e799b80aa92588f3566e4bd",
"versionType": "git"
},
{
"lessThan": "13400ac8fb80c57c2bfb12ebd35ee121ce9b4d21",
"status": "affected",
"version": "b471f2f1de8b816f1e799b80aa92588f3566e4bd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/lpm_trie.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.171",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.116",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.229",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.171",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix out-of-bounds write in trie_get_next_key()\n\ntrie_get_next_key() allocates a node stack with size trie-\u003emax_prefixlen,\nwhile it writes (trie-\u003emax_prefixlen + 1) nodes to the stack when it has\nfull paths from the root to leaves. For example, consider a trie with\nmax_prefixlen is 8, and the nodes with key 0x00/0, 0x00/1, 0x00/2, ...\n0x00/8 inserted. Subsequent calls to trie_get_next_key with _key with\n.prefixlen = 8 make 9 nodes be written on the node stack with size 8."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:43.014Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e8494ac079814a53fbc2258d2743e720907488ed"
},
{
"url": "https://git.kernel.org/stable/c/91afbc0eb3c90258ae378ae3c6ead3d2371e926d"
},
{
"url": "https://git.kernel.org/stable/c/590976f921723d53ac199c01d5b7b73a94875e68"
},
{
"url": "https://git.kernel.org/stable/c/86c8ebe02d8806dd8878d0063e8e185622ab6ea6"
},
{
"url": "https://git.kernel.org/stable/c/a035df0b98df424559fd383e8e1a268f422ea2ba"
},
{
"url": "https://git.kernel.org/stable/c/90a6e0e1e151ef7a9282e78f54c3091de2dcc99c"
},
{
"url": "https://git.kernel.org/stable/c/c4b4f9a9ab82238cb158fa4fe61a8c0ae21a4980"
},
{
"url": "https://git.kernel.org/stable/c/13400ac8fb80c57c2bfb12ebd35ee121ce9b4d21"
}
],
"title": "bpf: Fix out-of-bounds write in trie_get_next_key()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50262",
"datePublished": "2024-11-09T10:17:50.461Z",
"dateReserved": "2024-10-21T19:36:19.981Z",
"dateUpdated": "2026-05-12T12:00:45.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50264 (GCVE-0-2024-50264)
Vulnerability from cvelistv5 – Published: 2024-11-19 01:29 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
Summary
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
During loopback communication, a dangling pointer can be created in
vsk->trans, potentially leading to a Use-After-Free condition. This
issue is resolved by initializing vsk->trans to NULL.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
06a8fc78367d070720af960dcecec917d3ae5f3b , < 5f092a4271f6dccf88fe0d132475a17b69ef71df
(git)
Affected: 06a8fc78367d070720af960dcecec917d3ae5f3b , < fd8ae346692a56b4437d626c5460c7104980f389 (git) Affected: 06a8fc78367d070720af960dcecec917d3ae5f3b , < eb1bdcb7dfc30b24495ee4c5533af0ed135cb5f1 (git) Affected: 06a8fc78367d070720af960dcecec917d3ae5f3b , < 2a6a4e69f255b7aed17f93995691ab4f0d3c2203 (git) Affected: 06a8fc78367d070720af960dcecec917d3ae5f3b , < 44d29897eafd0e1196453d3003a4d5e0b968eeab (git) Affected: 06a8fc78367d070720af960dcecec917d3ae5f3b , < b110196fec44fe966952004bd426967c2a8fd358 (git) Affected: 06a8fc78367d070720af960dcecec917d3ae5f3b , < 5f970935d09934222fdef3d0e20c648ea7a963c1 (git) Affected: 06a8fc78367d070720af960dcecec917d3ae5f3b , < 6ca575374dd9a507cdd16dfa0e78c2e9e20bd05f (git) |
|
| Linux | Linux |
Affected:
4.8
Unaffected: 0 , < 4.8 (semver) Unaffected: 4.19.324 , ≤ 4.19.* (semver) Unaffected: 5.4.286 , ≤ 5.4.* (semver) Unaffected: 5.10.230 , ≤ 5.10.* (semver) Unaffected: 5.15.172 , ≤ 5.15.* (semver) Unaffected: 6.1.117 , ≤ 6.1.* (semver) Unaffected: 6.6.61 , ≤ 6.6.* (semver) Unaffected: 6.11.8 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T14:48:50.387406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T14:58:32.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:43.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/vmw_vsock/virtio_transport_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5f092a4271f6dccf88fe0d132475a17b69ef71df",
"status": "affected",
"version": "06a8fc78367d070720af960dcecec917d3ae5f3b",
"versionType": "git"
},
{
"lessThan": "fd8ae346692a56b4437d626c5460c7104980f389",
"status": "affected",
"version": "06a8fc78367d070720af960dcecec917d3ae5f3b",
"versionType": "git"
},
{
"lessThan": "eb1bdcb7dfc30b24495ee4c5533af0ed135cb5f1",
"status": "affected",
"version": "06a8fc78367d070720af960dcecec917d3ae5f3b",
"versionType": "git"
},
{
"lessThan": "2a6a4e69f255b7aed17f93995691ab4f0d3c2203",
"status": "affected",
"version": "06a8fc78367d070720af960dcecec917d3ae5f3b",
"versionType": "git"
},
{
"lessThan": "44d29897eafd0e1196453d3003a4d5e0b968eeab",
"status": "affected",
"version": "06a8fc78367d070720af960dcecec917d3ae5f3b",
"versionType": "git"
},
{
"lessThan": "b110196fec44fe966952004bd426967c2a8fd358",
"status": "affected",
"version": "06a8fc78367d070720af960dcecec917d3ae5f3b",
"versionType": "git"
},
{
"lessThan": "5f970935d09934222fdef3d0e20c648ea7a963c1",
"status": "affected",
"version": "06a8fc78367d070720af960dcecec917d3ae5f3b",
"versionType": "git"
},
{
"lessThan": "6ca575374dd9a507cdd16dfa0e78c2e9e20bd05f",
"status": "affected",
"version": "06a8fc78367d070720af960dcecec917d3ae5f3b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/vmw_vsock/virtio_transport_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.324",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.286",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.172",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.61",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.324",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.286",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.230",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.172",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.117",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.61",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.8",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: Initialization of the dangling pointer occurring in vsk-\u003etrans\n\nDuring loopback communication, a dangling pointer can be created in\nvsk-\u003etrans, potentially leading to a Use-After-Free condition. This\nissue is resolved by initializing vsk-\u003etrans to NULL."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:45.514Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5f092a4271f6dccf88fe0d132475a17b69ef71df"
},
{
"url": "https://git.kernel.org/stable/c/fd8ae346692a56b4437d626c5460c7104980f389"
},
{
"url": "https://git.kernel.org/stable/c/eb1bdcb7dfc30b24495ee4c5533af0ed135cb5f1"
},
{
"url": "https://git.kernel.org/stable/c/2a6a4e69f255b7aed17f93995691ab4f0d3c2203"
},
{
"url": "https://git.kernel.org/stable/c/44d29897eafd0e1196453d3003a4d5e0b968eeab"
},
{
"url": "https://git.kernel.org/stable/c/b110196fec44fe966952004bd426967c2a8fd358"
},
{
"url": "https://git.kernel.org/stable/c/5f970935d09934222fdef3d0e20c648ea7a963c1"
},
{
"url": "https://git.kernel.org/stable/c/6ca575374dd9a507cdd16dfa0e78c2e9e20bd05f"
},
{
"url": "https://a13xp0p0v.github.io/2025/09/02/kernel-hack-drill-and-CVE-2024-50264.html"
}
],
"title": "vsock/virtio: Initialization of the dangling pointer occurring in vsk-\u003etrans",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50264",
"datePublished": "2024-11-19T01:29:59.511Z",
"dateReserved": "2024-10-21T19:36:19.982Z",
"dateUpdated": "2026-05-11T20:48:45.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50265 (GCVE-0-2024-50265)
Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()
Syzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove():
[ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12
[ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial truncate while removing xattr overlay.upper. Leaking 1 clusters and removing the entry
[ 57.321727] BUG: kernel NULL pointer dereference, address: 0000000000000004
[...]
[ 57.325727] RIP: 0010:ocfs2_xa_block_wipe_namevalue+0x2a/0xc0
[...]
[ 57.331328] Call Trace:
[ 57.331477] <TASK>
[...]
[ 57.333511] ? do_user_addr_fault+0x3e5/0x740
[ 57.333778] ? exc_page_fault+0x70/0x170
[ 57.334016] ? asm_exc_page_fault+0x2b/0x30
[ 57.334263] ? __pfx_ocfs2_xa_block_wipe_namevalue+0x10/0x10
[ 57.334596] ? ocfs2_xa_block_wipe_namevalue+0x2a/0xc0
[ 57.334913] ocfs2_xa_remove_entry+0x23/0xc0
[ 57.335164] ocfs2_xa_set+0x704/0xcf0
[ 57.335381] ? _raw_spin_unlock+0x1a/0x40
[ 57.335620] ? ocfs2_inode_cache_unlock+0x16/0x20
[ 57.335915] ? trace_preempt_on+0x1e/0x70
[ 57.336153] ? start_this_handle+0x16c/0x500
[ 57.336410] ? preempt_count_sub+0x50/0x80
[ 57.336656] ? _raw_read_unlock+0x20/0x40
[ 57.336906] ? start_this_handle+0x16c/0x500
[ 57.337162] ocfs2_xattr_block_set+0xa6/0x1e0
[ 57.337424] __ocfs2_xattr_set_handle+0x1fd/0x5d0
[ 57.337706] ? ocfs2_start_trans+0x13d/0x290
[ 57.337971] ocfs2_xattr_set+0xb13/0xfb0
[ 57.338207] ? dput+0x46/0x1c0
[ 57.338393] ocfs2_xattr_trusted_set+0x28/0x30
[ 57.338665] ? ocfs2_xattr_trusted_set+0x28/0x30
[ 57.338948] __vfs_removexattr+0x92/0xc0
[ 57.339182] __vfs_removexattr_locked+0xd5/0x190
[ 57.339456] ? preempt_count_sub+0x50/0x80
[ 57.339705] vfs_removexattr+0x5f/0x100
[...]
Reproducer uses faultinject facility to fail ocfs2_xa_remove() ->
ocfs2_xa_value_truncate() with -ENOMEM.
In this case the comment mentions that we can return 0 if
ocfs2_xa_cleanup_value_truncate() is going to wipe the entry
anyway. But the following 'rc' check is wrong and execution flow do
'ocfs2_xa_remove_entry(loc);' twice:
* 1st: in ocfs2_xa_cleanup_value_truncate();
* 2nd: returning back to ocfs2_xa_remove() instead of going to 'out'.
Fix this by skipping the 2nd removal of the same entry and making
syzkaller repro happy.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
399ff3a748cf4c8c853e96dd477153202636527b , < 38cbf13b2e7a31362babe411f7c2c3c52cd2734b
(git)
Affected: 399ff3a748cf4c8c853e96dd477153202636527b , < 168a9b8303fcb0317db4c06b23ce1c0ce2af4e10 (git) Affected: 399ff3a748cf4c8c853e96dd477153202636527b , < 6a7e6dcf90fe7721d0863067b6ca9a9442134692 (git) Affected: 399ff3a748cf4c8c853e96dd477153202636527b , < dcc8fe8c83145041cb6c80cac21f6173a3ff0204 (git) Affected: 399ff3a748cf4c8c853e96dd477153202636527b , < 86dd0e8d42828923c68ad506933336bcd6f2317d (git) Affected: 399ff3a748cf4c8c853e96dd477153202636527b , < dd73c942eed76a014c7a5597e6926435274d2c4c (git) Affected: 399ff3a748cf4c8c853e96dd477153202636527b , < 2b5369528ee63c88371816178a05b5e664c87386 (git) Affected: 399ff3a748cf4c8c853e96dd477153202636527b , < 0b63c0e01fba40e3992bc627272ec7b618ccaef7 (git) |
|
| Linux | Linux |
Affected:
2.6.34
Unaffected: 0 , < 2.6.34 (semver) Unaffected: 4.19.324 , ≤ 4.19.* (semver) Unaffected: 5.4.286 , ≤ 5.4.* (semver) Unaffected: 5.10.230 , ≤ 5.10.* (semver) Unaffected: 5.15.172 , ≤ 5.15.* (semver) Unaffected: 6.1.117 , ≤ 6.1.* (semver) Unaffected: 6.6.61 , ≤ 6.6.* (semver) Unaffected: 6.11.8 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50265",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:15:20.154823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:23.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:45.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "38cbf13b2e7a31362babe411f7c2c3c52cd2734b",
"status": "affected",
"version": "399ff3a748cf4c8c853e96dd477153202636527b",
"versionType": "git"
},
{
"lessThan": "168a9b8303fcb0317db4c06b23ce1c0ce2af4e10",
"status": "affected",
"version": "399ff3a748cf4c8c853e96dd477153202636527b",
"versionType": "git"
},
{
"lessThan": "6a7e6dcf90fe7721d0863067b6ca9a9442134692",
"status": "affected",
"version": "399ff3a748cf4c8c853e96dd477153202636527b",
"versionType": "git"
},
{
"lessThan": "dcc8fe8c83145041cb6c80cac21f6173a3ff0204",
"status": "affected",
"version": "399ff3a748cf4c8c853e96dd477153202636527b",
"versionType": "git"
},
{
"lessThan": "86dd0e8d42828923c68ad506933336bcd6f2317d",
"status": "affected",
"version": "399ff3a748cf4c8c853e96dd477153202636527b",
"versionType": "git"
},
{
"lessThan": "dd73c942eed76a014c7a5597e6926435274d2c4c",
"status": "affected",
"version": "399ff3a748cf4c8c853e96dd477153202636527b",
"versionType": "git"
},
{
"lessThan": "2b5369528ee63c88371816178a05b5e664c87386",
"status": "affected",
"version": "399ff3a748cf4c8c853e96dd477153202636527b",
"versionType": "git"
},
{
"lessThan": "0b63c0e01fba40e3992bc627272ec7b618ccaef7",
"status": "affected",
"version": "399ff3a748cf4c8c853e96dd477153202636527b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.324",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.286",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.172",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.61",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.324",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.286",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.230",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.172",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.117",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.61",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.8",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()\n\nSyzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove():\n\n[ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12\n[ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial truncate while removing xattr overlay.upper. Leaking 1 clusters and removing the entry\n[ 57.321727] BUG: kernel NULL pointer dereference, address: 0000000000000004\n[...]\n[ 57.325727] RIP: 0010:ocfs2_xa_block_wipe_namevalue+0x2a/0xc0\n[...]\n[ 57.331328] Call Trace:\n[ 57.331477] \u003cTASK\u003e\n[...]\n[ 57.333511] ? do_user_addr_fault+0x3e5/0x740\n[ 57.333778] ? exc_page_fault+0x70/0x170\n[ 57.334016] ? asm_exc_page_fault+0x2b/0x30\n[ 57.334263] ? __pfx_ocfs2_xa_block_wipe_namevalue+0x10/0x10\n[ 57.334596] ? ocfs2_xa_block_wipe_namevalue+0x2a/0xc0\n[ 57.334913] ocfs2_xa_remove_entry+0x23/0xc0\n[ 57.335164] ocfs2_xa_set+0x704/0xcf0\n[ 57.335381] ? _raw_spin_unlock+0x1a/0x40\n[ 57.335620] ? ocfs2_inode_cache_unlock+0x16/0x20\n[ 57.335915] ? trace_preempt_on+0x1e/0x70\n[ 57.336153] ? start_this_handle+0x16c/0x500\n[ 57.336410] ? preempt_count_sub+0x50/0x80\n[ 57.336656] ? _raw_read_unlock+0x20/0x40\n[ 57.336906] ? start_this_handle+0x16c/0x500\n[ 57.337162] ocfs2_xattr_block_set+0xa6/0x1e0\n[ 57.337424] __ocfs2_xattr_set_handle+0x1fd/0x5d0\n[ 57.337706] ? ocfs2_start_trans+0x13d/0x290\n[ 57.337971] ocfs2_xattr_set+0xb13/0xfb0\n[ 57.338207] ? dput+0x46/0x1c0\n[ 57.338393] ocfs2_xattr_trusted_set+0x28/0x30\n[ 57.338665] ? ocfs2_xattr_trusted_set+0x28/0x30\n[ 57.338948] __vfs_removexattr+0x92/0xc0\n[ 57.339182] __vfs_removexattr_locked+0xd5/0x190\n[ 57.339456] ? preempt_count_sub+0x50/0x80\n[ 57.339705] vfs_removexattr+0x5f/0x100\n[...]\n\nReproducer uses faultinject facility to fail ocfs2_xa_remove() -\u003e\nocfs2_xa_value_truncate() with -ENOMEM.\n\nIn this case the comment mentions that we can return 0 if\nocfs2_xa_cleanup_value_truncate() is going to wipe the entry\nanyway. But the following \u0027rc\u0027 check is wrong and execution flow do\n\u0027ocfs2_xa_remove_entry(loc);\u0027 twice:\n* 1st: in ocfs2_xa_cleanup_value_truncate();\n* 2nd: returning back to ocfs2_xa_remove() instead of going to \u0027out\u0027.\n\nFix this by skipping the 2nd removal of the same entry and making\nsyzkaller repro happy."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:46.700Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/38cbf13b2e7a31362babe411f7c2c3c52cd2734b"
},
{
"url": "https://git.kernel.org/stable/c/168a9b8303fcb0317db4c06b23ce1c0ce2af4e10"
},
{
"url": "https://git.kernel.org/stable/c/6a7e6dcf90fe7721d0863067b6ca9a9442134692"
},
{
"url": "https://git.kernel.org/stable/c/dcc8fe8c83145041cb6c80cac21f6173a3ff0204"
},
{
"url": "https://git.kernel.org/stable/c/86dd0e8d42828923c68ad506933336bcd6f2317d"
},
{
"url": "https://git.kernel.org/stable/c/dd73c942eed76a014c7a5597e6926435274d2c4c"
},
{
"url": "https://git.kernel.org/stable/c/2b5369528ee63c88371816178a05b5e664c87386"
},
{
"url": "https://git.kernel.org/stable/c/0b63c0e01fba40e3992bc627272ec7b618ccaef7"
}
],
"title": "ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50265",
"datePublished": "2024-11-19T01:30:00.861Z",
"dateReserved": "2024-10-21T19:36:19.982Z",
"dateUpdated": "2026-05-11T20:48:46.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50267 (GCVE-0-2024-50267)
Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
USB: serial: io_edgeport: fix use after free in debug printk
Summary
In the Linux kernel, the following vulnerability has been resolved:
USB: serial: io_edgeport: fix use after free in debug printk
The "dev_dbg(&urb->dev->dev, ..." which happens after usb_free_urb(urb)
is a use after free of the "urb" pointer. Store the "dev" pointer at the
start of the function to avoid this issue.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
984f68683298ba53af32f909de1f9452fbb37ccb , < e6ceb04eeb6115d872d4c4078d12f1170ed755ce
(git)
Affected: 984f68683298ba53af32f909de1f9452fbb37ccb , < 39709ce93f5c3f9eb535efe2afea088805d1128f (git) Affected: 984f68683298ba53af32f909de1f9452fbb37ccb , < e567fc8f7a4460e486e52c9261b1e8b9f5dc42aa (git) Affected: 984f68683298ba53af32f909de1f9452fbb37ccb , < 44fff2c16c5aafbdb70c7183dae0a415ae74705e (git) Affected: 984f68683298ba53af32f909de1f9452fbb37ccb , < 275258c30bbda29467216e96fb655b16bcc9992b (git) Affected: 984f68683298ba53af32f909de1f9452fbb37ccb , < 13d6ff3ca76056d06a9d88300be2a293442ff595 (git) Affected: 984f68683298ba53af32f909de1f9452fbb37ccb , < 314bdf446053e123f37543aa535197ee75f8aa97 (git) Affected: 984f68683298ba53af32f909de1f9452fbb37ccb , < 37bb5628379295c1254c113a407cab03a0f4d0b4 (git) |
|
| Linux | Linux |
Affected:
3.7
Unaffected: 0 , < 3.7 (semver) Unaffected: 4.19.324 , ≤ 4.19.* (semver) Unaffected: 5.4.286 , ≤ 5.4.* (semver) Unaffected: 5.10.230 , ≤ 5.10.* (semver) Unaffected: 5.15.172 , ≤ 5.15.* (semver) Unaffected: 6.1.117 , ≤ 6.1.* (semver) Unaffected: 6.6.61 , ≤ 6.6.* (semver) Unaffected: 6.11.8 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T14:26:40.834609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T14:58:31.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:46.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/serial/io_edgeport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e6ceb04eeb6115d872d4c4078d12f1170ed755ce",
"status": "affected",
"version": "984f68683298ba53af32f909de1f9452fbb37ccb",
"versionType": "git"
},
{
"lessThan": "39709ce93f5c3f9eb535efe2afea088805d1128f",
"status": "affected",
"version": "984f68683298ba53af32f909de1f9452fbb37ccb",
"versionType": "git"
},
{
"lessThan": "e567fc8f7a4460e486e52c9261b1e8b9f5dc42aa",
"status": "affected",
"version": "984f68683298ba53af32f909de1f9452fbb37ccb",
"versionType": "git"
},
{
"lessThan": "44fff2c16c5aafbdb70c7183dae0a415ae74705e",
"status": "affected",
"version": "984f68683298ba53af32f909de1f9452fbb37ccb",
"versionType": "git"
},
{
"lessThan": "275258c30bbda29467216e96fb655b16bcc9992b",
"status": "affected",
"version": "984f68683298ba53af32f909de1f9452fbb37ccb",
"versionType": "git"
},
{
"lessThan": "13d6ff3ca76056d06a9d88300be2a293442ff595",
"status": "affected",
"version": "984f68683298ba53af32f909de1f9452fbb37ccb",
"versionType": "git"
},
{
"lessThan": "314bdf446053e123f37543aa535197ee75f8aa97",
"status": "affected",
"version": "984f68683298ba53af32f909de1f9452fbb37ccb",
"versionType": "git"
},
{
"lessThan": "37bb5628379295c1254c113a407cab03a0f4d0b4",
"status": "affected",
"version": "984f68683298ba53af32f909de1f9452fbb37ccb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/serial/io_edgeport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.324",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.286",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.172",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.61",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.324",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.286",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.230",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.172",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.117",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.61",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.8",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: io_edgeport: fix use after free in debug printk\n\nThe \"dev_dbg(\u0026urb-\u003edev-\u003edev, ...\" which happens after usb_free_urb(urb)\nis a use after free of the \"urb\" pointer. Store the \"dev\" pointer at the\nstart of the function to avoid this issue."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:49.058Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e6ceb04eeb6115d872d4c4078d12f1170ed755ce"
},
{
"url": "https://git.kernel.org/stable/c/39709ce93f5c3f9eb535efe2afea088805d1128f"
},
{
"url": "https://git.kernel.org/stable/c/e567fc8f7a4460e486e52c9261b1e8b9f5dc42aa"
},
{
"url": "https://git.kernel.org/stable/c/44fff2c16c5aafbdb70c7183dae0a415ae74705e"
},
{
"url": "https://git.kernel.org/stable/c/275258c30bbda29467216e96fb655b16bcc9992b"
},
{
"url": "https://git.kernel.org/stable/c/13d6ff3ca76056d06a9d88300be2a293442ff595"
},
{
"url": "https://git.kernel.org/stable/c/314bdf446053e123f37543aa535197ee75f8aa97"
},
{
"url": "https://git.kernel.org/stable/c/37bb5628379295c1254c113a407cab03a0f4d0b4"
}
],
"title": "USB: serial: io_edgeport: fix use after free in debug printk",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50267",
"datePublished": "2024-11-19T01:30:03.929Z",
"dateReserved": "2024-10-21T19:36:19.982Z",
"dateUpdated": "2026-05-11T20:48:49.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50268 (GCVE-0-2024-50268)
Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()
The "*cmd" variable can be controlled by the user via debugfs. That means
"new_cam" can be as high as 255 while the size of the uc->updated[] array
is UCSI_MAX_ALTMODES (30).
The call tree is:
ucsi_cmd() // val comes from simple_attr_write_xsigned()
-> ucsi_send_command()
-> ucsi_send_command_common()
-> ucsi_run_command() // calls ucsi->ops->sync_control()
-> ucsi_ccg_sync_control()
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
170a6726d0e266f2c8f306e3d61715c32f4ee41e , < d76923164705821aa1b01b8d9d1741f20c654ab4
(git)
Affected: 170a6726d0e266f2c8f306e3d61715c32f4ee41e , < 8f47984b35f3be0cfc652c2ca358d5768ea3456b (git) Affected: 170a6726d0e266f2c8f306e3d61715c32f4ee41e , < 604314ecd682913925980dc955caea2d036eab5f (git) Affected: 170a6726d0e266f2c8f306e3d61715c32f4ee41e , < 69e19774f15e12dda6c6c58001d059e30895009b (git) Affected: 170a6726d0e266f2c8f306e3d61715c32f4ee41e , < 3a2ba841659a0f15102585120dea75d8d5209616 (git) Affected: 170a6726d0e266f2c8f306e3d61715c32f4ee41e , < 7dd08a0b4193087976db6b3ee7807de7e8316f96 (git) |
|
| Linux | Linux |
Affected:
5.6
Unaffected: 0 , < 5.6 (semver) Unaffected: 5.10.230 , ≤ 5.10.* (semver) Unaffected: 5.15.172 , ≤ 5.15.* (semver) Unaffected: 6.1.117 , ≤ 6.1.* (semver) Unaffected: 6.6.61 , ≤ 6.6.* (semver) Unaffected: 6.11.8 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:15:13.462825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:23.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:48.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/typec/ucsi/ucsi_ccg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d76923164705821aa1b01b8d9d1741f20c654ab4",
"status": "affected",
"version": "170a6726d0e266f2c8f306e3d61715c32f4ee41e",
"versionType": "git"
},
{
"lessThan": "8f47984b35f3be0cfc652c2ca358d5768ea3456b",
"status": "affected",
"version": "170a6726d0e266f2c8f306e3d61715c32f4ee41e",
"versionType": "git"
},
{
"lessThan": "604314ecd682913925980dc955caea2d036eab5f",
"status": "affected",
"version": "170a6726d0e266f2c8f306e3d61715c32f4ee41e",
"versionType": "git"
},
{
"lessThan": "69e19774f15e12dda6c6c58001d059e30895009b",
"status": "affected",
"version": "170a6726d0e266f2c8f306e3d61715c32f4ee41e",
"versionType": "git"
},
{
"lessThan": "3a2ba841659a0f15102585120dea75d8d5209616",
"status": "affected",
"version": "170a6726d0e266f2c8f306e3d61715c32f4ee41e",
"versionType": "git"
},
{
"lessThan": "7dd08a0b4193087976db6b3ee7807de7e8316f96",
"status": "affected",
"version": "170a6726d0e266f2c8f306e3d61715c32f4ee41e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/typec/ucsi/ucsi_ccg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.172",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.61",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.230",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.172",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.117",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.61",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.8",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()\n\nThe \"*cmd\" variable can be controlled by the user via debugfs. That means\n\"new_cam\" can be as high as 255 while the size of the uc-\u003eupdated[] array\nis UCSI_MAX_ALTMODES (30).\n\nThe call tree is:\nucsi_cmd() // val comes from simple_attr_write_xsigned()\n-\u003e ucsi_send_command()\n -\u003e ucsi_send_command_common()\n -\u003e ucsi_run_command() // calls ucsi-\u003eops-\u003esync_control()\n -\u003e ucsi_ccg_sync_control()"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:50.203Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d76923164705821aa1b01b8d9d1741f20c654ab4"
},
{
"url": "https://git.kernel.org/stable/c/8f47984b35f3be0cfc652c2ca358d5768ea3456b"
},
{
"url": "https://git.kernel.org/stable/c/604314ecd682913925980dc955caea2d036eab5f"
},
{
"url": "https://git.kernel.org/stable/c/69e19774f15e12dda6c6c58001d059e30895009b"
},
{
"url": "https://git.kernel.org/stable/c/3a2ba841659a0f15102585120dea75d8d5209616"
},
{
"url": "https://git.kernel.org/stable/c/7dd08a0b4193087976db6b3ee7807de7e8316f96"
}
],
"title": "usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50268",
"datePublished": "2024-11-19T01:30:05.437Z",
"dateReserved": "2024-10-21T19:36:19.982Z",
"dateUpdated": "2026-05-11T20:48:50.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50269 (GCVE-0-2024-50269)
Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2026-05-23 15:54
VLAI
EPSS
Title
usb: musb: sunxi: Fix accessing an released usb phy
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: musb: sunxi: Fix accessing an released usb phy
Commit 6ed05c68cbca ("usb: musb: sunxi: Explicitly release USB PHY on
exit") will cause that usb phy @glue->xceiv is accessed after released.
1) register platform driver @sunxi_musb_driver
// get the usb phy @glue->xceiv
sunxi_musb_probe() -> devm_usb_get_phy().
2) register and unregister platform driver @musb_driver
musb_probe() -> sunxi_musb_init()
use the phy here
//the phy is released here
musb_remove() -> sunxi_musb_exit() -> devm_usb_put_phy()
3) register @musb_driver again
musb_probe() -> sunxi_musb_init()
use the phy here but the phy has been released at 2).
...
Fixed by reverting the commit, namely, removing devm_usb_put_phy()
from sunxi_musb_exit().
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
6ed05c68cbcae42cd52b8e53b66952bfa9c002ce , < 721ddad945596220c123eb6f7126729fe277ee4f
(git)
Affected: 6ed05c68cbcae42cd52b8e53b66952bfa9c002ce , < 4aa77d5ea9944468e16c3eed15e858fd5de44de1 (git) Affected: 6ed05c68cbcae42cd52b8e53b66952bfa9c002ce , < 6e2848d1c8c0139161e69ac0a94133e90e9988e8 (git) Affected: 6ed05c68cbcae42cd52b8e53b66952bfa9c002ce , < 63559ba8077cbadae1c92a65b73ea522bf377dd9 (git) Affected: 6ed05c68cbcae42cd52b8e53b66952bfa9c002ce , < ccd811c304d2ee56189bfbc49302cb3c44361893 (git) Affected: 6ed05c68cbcae42cd52b8e53b66952bfa9c002ce , < 8a30da5aa9609663b3e05bcc91a916537f66a4cd (git) Affected: 6ed05c68cbcae42cd52b8e53b66952bfa9c002ce , < b08baa75b989cf779cbfa0969681f8ba2dc46569 (git) Affected: 6ed05c68cbcae42cd52b8e53b66952bfa9c002ce , < 498dbd9aea205db9da674994b74c7bf8e18448bd (git) Affected: 583a4219841d00e96b5de55be160aa7eb7721a4d (git) Affected: b4ecc15d6f5a13c0bbe2777438e87e321f83faaa (git) Affected: a2259ebaa933331c53904caf792b619ec42f0da5 (git) Affected: 4.4.95 , < 4.5 (semver) Affected: 4.9.59 , < 4.10 (semver) Affected: 4.13.10 , < 4.14 (semver) |
|
| Linux | Linux |
Affected:
4.14
Unaffected: 0 , < 4.14 (semver) Unaffected: 4.19.324 , ≤ 4.19.* (semver) Unaffected: 5.4.286 , ≤ 5.4.* (semver) Unaffected: 5.10.230 , ≤ 5.10.* (semver) Unaffected: 5.15.172 , ≤ 5.15.* (semver) Unaffected: 6.1.117 , ≤ 6.1.* (semver) Unaffected: 6.6.61 , ≤ 6.6.* (semver) Unaffected: 6.11.8 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50269",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:15:10.216730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:23.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:49.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/musb/sunxi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "721ddad945596220c123eb6f7126729fe277ee4f",
"status": "affected",
"version": "6ed05c68cbcae42cd52b8e53b66952bfa9c002ce",
"versionType": "git"
},
{
"lessThan": "4aa77d5ea9944468e16c3eed15e858fd5de44de1",
"status": "affected",
"version": "6ed05c68cbcae42cd52b8e53b66952bfa9c002ce",
"versionType": "git"
},
{
"lessThan": "6e2848d1c8c0139161e69ac0a94133e90e9988e8",
"status": "affected",
"version": "6ed05c68cbcae42cd52b8e53b66952bfa9c002ce",
"versionType": "git"
},
{
"lessThan": "63559ba8077cbadae1c92a65b73ea522bf377dd9",
"status": "affected",
"version": "6ed05c68cbcae42cd52b8e53b66952bfa9c002ce",
"versionType": "git"
},
{
"lessThan": "ccd811c304d2ee56189bfbc49302cb3c44361893",
"status": "affected",
"version": "6ed05c68cbcae42cd52b8e53b66952bfa9c002ce",
"versionType": "git"
},
{
"lessThan": "8a30da5aa9609663b3e05bcc91a916537f66a4cd",
"status": "affected",
"version": "6ed05c68cbcae42cd52b8e53b66952bfa9c002ce",
"versionType": "git"
},
{
"lessThan": "b08baa75b989cf779cbfa0969681f8ba2dc46569",
"status": "affected",
"version": "6ed05c68cbcae42cd52b8e53b66952bfa9c002ce",
"versionType": "git"
},
{
"lessThan": "498dbd9aea205db9da674994b74c7bf8e18448bd",
"status": "affected",
"version": "6ed05c68cbcae42cd52b8e53b66952bfa9c002ce",
"versionType": "git"
},
{
"status": "affected",
"version": "583a4219841d00e96b5de55be160aa7eb7721a4d",
"versionType": "git"
},
{
"status": "affected",
"version": "b4ecc15d6f5a13c0bbe2777438e87e321f83faaa",
"versionType": "git"
},
{
"status": "affected",
"version": "a2259ebaa933331c53904caf792b619ec42f0da5",
"versionType": "git"
},
{
"lessThan": "4.5",
"status": "affected",
"version": "4.4.95",
"versionType": "semver"
},
{
"lessThan": "4.10",
"status": "affected",
"version": "4.9.59",
"versionType": "semver"
},
{
"lessThan": "4.14",
"status": "affected",
"version": "4.13.10",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/musb/sunxi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.324",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.286",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.172",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.61",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.324",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.286",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.230",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.172",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.117",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.61",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.8",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.13.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: sunxi: Fix accessing an released usb phy\n\nCommit 6ed05c68cbca (\"usb: musb: sunxi: Explicitly release USB PHY on\nexit\") will cause that usb phy @glue-\u003exceiv is accessed after released.\n\n1) register platform driver @sunxi_musb_driver\n// get the usb phy @glue-\u003exceiv\nsunxi_musb_probe() -\u003e devm_usb_get_phy().\n\n2) register and unregister platform driver @musb_driver\nmusb_probe() -\u003e sunxi_musb_init()\nuse the phy here\n//the phy is released here\nmusb_remove() -\u003e sunxi_musb_exit() -\u003e devm_usb_put_phy()\n\n3) register @musb_driver again\nmusb_probe() -\u003e sunxi_musb_init()\nuse the phy here but the phy has been released at 2).\n...\n\nFixed by reverting the commit, namely, removing devm_usb_put_phy()\nfrom sunxi_musb_exit()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:54:54.443Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/721ddad945596220c123eb6f7126729fe277ee4f"
},
{
"url": "https://git.kernel.org/stable/c/4aa77d5ea9944468e16c3eed15e858fd5de44de1"
},
{
"url": "https://git.kernel.org/stable/c/6e2848d1c8c0139161e69ac0a94133e90e9988e8"
},
{
"url": "https://git.kernel.org/stable/c/63559ba8077cbadae1c92a65b73ea522bf377dd9"
},
{
"url": "https://git.kernel.org/stable/c/ccd811c304d2ee56189bfbc49302cb3c44361893"
},
{
"url": "https://git.kernel.org/stable/c/8a30da5aa9609663b3e05bcc91a916537f66a4cd"
},
{
"url": "https://git.kernel.org/stable/c/b08baa75b989cf779cbfa0969681f8ba2dc46569"
},
{
"url": "https://git.kernel.org/stable/c/498dbd9aea205db9da674994b74c7bf8e18448bd"
}
],
"title": "usb: musb: sunxi: Fix accessing an released usb phy",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50269",
"datePublished": "2024-11-19T01:30:06.910Z",
"dateReserved": "2024-10-21T19:36:19.982Z",
"dateUpdated": "2026-05-23T15:54:54.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50271 (GCVE-0-2024-50271)
Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2026-05-11 20:48
VLAI
EPSS
Title
signal: restore the override_rlimit logic
Summary
In the Linux kernel, the following vulnerability has been resolved:
signal: restore the override_rlimit logic
Prior to commit d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of
ucounts") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of
signals. However now it's enforced unconditionally, even if
override_rlimit is set. This behavior change caused production issues.
For example, if the limit is reached and a process receives a SIGSEGV
signal, sigqueue_alloc fails to allocate the necessary resources for the
signal delivery, preventing the signal from being delivered with siginfo.
This prevents the process from correctly identifying the fault address and
handling the error. From the user-space perspective, applications are
unaware that the limit has been reached and that the siginfo is
effectively 'corrupted'. This can lead to unpredictable behavior and
crashes, as we observed with java applications.
Fix this by passing override_rlimit into inc_rlimit_get_ucounts() and skip
the comparison to max there if override_rlimit is set. This effectively
restores the old behavior.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
d64696905554e919321e31afc210606653b8f6a4 , < 012f4d5d25e9ef92ee129bd5aa7aa60f692681e1
(git)
Affected: d64696905554e919321e31afc210606653b8f6a4 , < 4877d9b2a2ebad3ae240127aaa4cb8258b145cf7 (git) Affected: d64696905554e919321e31afc210606653b8f6a4 , < 0208ea17a1e4456fbfe555f13ae5c28f3d671e40 (git) Affected: d64696905554e919321e31afc210606653b8f6a4 , < 9e05e5c7ee8758141d2db7e8fea2cab34500c6ed (git) |
|
| Linux | Linux |
Affected:
5.14
Unaffected: 0 , < 5.14 (semver) Unaffected: 6.1.117 , ≤ 6.1.* (semver) Unaffected: 6.6.61 , ≤ 6.6.* (semver) Unaffected: 6.11.8 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:15:03.580178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:23.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:51.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/user_namespace.h",
"kernel/signal.c",
"kernel/ucount.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "012f4d5d25e9ef92ee129bd5aa7aa60f692681e1",
"status": "affected",
"version": "d64696905554e919321e31afc210606653b8f6a4",
"versionType": "git"
},
{
"lessThan": "4877d9b2a2ebad3ae240127aaa4cb8258b145cf7",
"status": "affected",
"version": "d64696905554e919321e31afc210606653b8f6a4",
"versionType": "git"
},
{
"lessThan": "0208ea17a1e4456fbfe555f13ae5c28f3d671e40",
"status": "affected",
"version": "d64696905554e919321e31afc210606653b8f6a4",
"versionType": "git"
},
{
"lessThan": "9e05e5c7ee8758141d2db7e8fea2cab34500c6ed",
"status": "affected",
"version": "d64696905554e919321e31afc210606653b8f6a4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/user_namespace.h",
"kernel/signal.c",
"kernel/ucount.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.61",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.117",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.61",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.8",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsignal: restore the override_rlimit logic\n\nPrior to commit d64696905554 (\"Reimplement RLIMIT_SIGPENDING on top of\nucounts\") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of\nsignals. However now it\u0027s enforced unconditionally, even if\noverride_rlimit is set. This behavior change caused production issues. \n\nFor example, if the limit is reached and a process receives a SIGSEGV\nsignal, sigqueue_alloc fails to allocate the necessary resources for the\nsignal delivery, preventing the signal from being delivered with siginfo. \nThis prevents the process from correctly identifying the fault address and\nhandling the error. From the user-space perspective, applications are\nunaware that the limit has been reached and that the siginfo is\neffectively \u0027corrupted\u0027. This can lead to unpredictable behavior and\ncrashes, as we observed with java applications.\n\nFix this by passing override_rlimit into inc_rlimit_get_ucounts() and skip\nthe comparison to max there if override_rlimit is set. This effectively\nrestores the old behavior."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:48:53.653Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/012f4d5d25e9ef92ee129bd5aa7aa60f692681e1"
},
{
"url": "https://git.kernel.org/stable/c/4877d9b2a2ebad3ae240127aaa4cb8258b145cf7"
},
{
"url": "https://git.kernel.org/stable/c/0208ea17a1e4456fbfe555f13ae5c28f3d671e40"
},
{
"url": "https://git.kernel.org/stable/c/9e05e5c7ee8758141d2db7e8fea2cab34500c6ed"
}
],
"title": "signal: restore the override_rlimit logic",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50271",
"datePublished": "2024-11-19T01:30:09.788Z",
"dateReserved": "2024-10-21T19:36:19.982Z",
"dateUpdated": "2026-05-11T20:48:53.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…