CVE-2024-50260
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
sock_map: fix a NULL pointer dereference in sock_map_link_update_prog()
The following race condition could trigger a NULL pointer dereference:
sock_map_link_detach(): sock_map_link_update_prog(): mutex_lock(&sockmap_mutex); … sockmap_link->map = NULL; mutex_unlock(&sockmap_mutex); mutex_lock(&sockmap_mutex); … sock_map_prog_link_lookup(sockmap_link->map); mutex_unlock(&sockmap_mutex); <continue>
Fix it by adding a NULL pointer check. In this specific case, it makes no sense to update a link which is being released.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 699c23f02c65cbfc3e638f14ce0d70c23a2e1f02 < 9afe35fdda16e09d5bd3c49a68ba8c680dd678bd | affected |
| Linux | Linux | 699c23f02c65cbfc3e638f14ce0d70c23a2e1f02 < 740be3b9a6d73336f8c7d540842d0831dc7a808b | affected |
| Linux | Linux | 6.10 | affected |
| Linux | Linux | 0 < 6.10 | unaffected |
| Linux | Linux | 6.11.7 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/9afe35fdda16e09d5bd3c49a68ba8c680dd678bd
- https://git.kernel.org/stable/c/740be3b9a6d73336f8c7d540842d0831dc7a808b
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.