CVE-2024-50264

Summary

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux06a8fc78367d070720af960dcecec917d3ae5f3b < 5f092a4271f6dccf88fe0d132475a17b69ef71dfaffected
LinuxLinux06a8fc78367d070720af960dcecec917d3ae5f3b < fd8ae346692a56b4437d626c5460c7104980f389affected
LinuxLinux06a8fc78367d070720af960dcecec917d3ae5f3b < eb1bdcb7dfc30b24495ee4c5533af0ed135cb5f1affected
LinuxLinux06a8fc78367d070720af960dcecec917d3ae5f3b < 2a6a4e69f255b7aed17f93995691ab4f0d3c2203affected
LinuxLinux06a8fc78367d070720af960dcecec917d3ae5f3b < 44d29897eafd0e1196453d3003a4d5e0b968eeabaffected
LinuxLinux06a8fc78367d070720af960dcecec917d3ae5f3b < b110196fec44fe966952004bd426967c2a8fd358affected
LinuxLinux06a8fc78367d070720af960dcecec917d3ae5f3b < 5f970935d09934222fdef3d0e20c648ea7a963c1affected
LinuxLinux06a8fc78367d070720af960dcecec917d3ae5f3b < 6ca575374dd9a507cdd16dfa0e78c2e9e20bd05faffected
LinuxLinux4.8affected
LinuxLinux0 < 4.8unaffected
LinuxLinux4.19.324 <= 4.19.*unaffected
LinuxLinux5.4.286 <= 5.4.*unaffected
LinuxLinux5.10.230 <= 5.10.*unaffected
LinuxLinux5.15.172 <= 5.15.*unaffected
LinuxLinux6.1.117 <= 6.1.*unaffected
LinuxLinux6.6.61 <= 6.6.*unaffected
LinuxLinux6.11.8 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References