CVE-2024-50127

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: sched: fix use-after-free in taprio_change()

In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->current_entry_lock' is too small to prevent from such a scenario (which causes use-after-free detected by KASAN). Fix this by prefer 'rcu_replace_pointer()' over 'rcu_assign_pointer()' to update 'admin' immediately before an attempt to schedule freeing.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa3d43c0d56f1b94e74963a2fbadfb70126d92213 < 2f868ce6013548a713c431c679ef73747a66fcf3affected
LinuxLinuxa3d43c0d56f1b94e74963a2fbadfb70126d92213 < 8a283a19026aaae8a773fd8061263cfa315b127faffected
LinuxLinuxa3d43c0d56f1b94e74963a2fbadfb70126d92213 < 999612996df28d81f163dad530d7f8026e03aec6affected
LinuxLinuxa3d43c0d56f1b94e74963a2fbadfb70126d92213 < fe371f084073e8672a2d7d46b335c3c060d1e301affected
LinuxLinuxa3d43c0d56f1b94e74963a2fbadfb70126d92213 < 0d4c0d2844e4eac3aed647f948fd7e60eea56a61affected
LinuxLinuxa3d43c0d56f1b94e74963a2fbadfb70126d92213 < 2240f9376f20f8b6463232b4ca7292569217237faffected
LinuxLinuxa3d43c0d56f1b94e74963a2fbadfb70126d92213 < f504465970aebb2467da548f7c1efbbf36d0f44baffected
LinuxLinux5.2affected
LinuxLinux0 < 5.2unaffected
LinuxLinux5.4.285 <= 5.4.*unaffected
LinuxLinux5.10.229 <= 5.10.*unaffected
LinuxLinux5.15.170 <= 5.15.*unaffected
LinuxLinux6.1.115 <= 6.1.*unaffected
LinuxLinux6.6.59 <= 6.6.*unaffected
LinuxLinux6.11.6 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

Additional References

References