CVE-2024-50260

Summary

In the Linux kernel, the following vulnerability has been resolved:

sock_map: fix a NULL pointer dereference in sock_map_link_update_prog()

The following race condition could trigger a NULL pointer dereference:

sock_map_link_detach(): sock_map_link_update_prog(): mutex_lock(&sockmap_mutex); … sockmap_link->map = NULL; mutex_unlock(&sockmap_mutex); mutex_lock(&sockmap_mutex); … sock_map_prog_link_lookup(sockmap_link->map); mutex_unlock(&sockmap_mutex); <continue>

Fix it by adding a NULL pointer check. In this specific case, it makes no sense to update a link which is being released.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux699c23f02c65cbfc3e638f14ce0d70c23a2e1f02 < 9afe35fdda16e09d5bd3c49a68ba8c680dd678bdaffected
LinuxLinux699c23f02c65cbfc3e638f14ce0d70c23a2e1f02 < 740be3b9a6d73336f8c7d540842d0831dc7a808baffected
LinuxLinux6.10affected
LinuxLinux0 < 6.10unaffected
LinuxLinux6.11.7 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References