CVE-2024-50094

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 5, 2024
Updated: Nov 13, 2024

Summary

CVE-2024-50094 is a vulnerability in the Linux kernel affecting the sfc driver. The issue stems from the netpoll function, which invokes the driver's NAPI function with a zero budget. In the context of netpoll, the driver unconditionally calls xdp_do_flush(), leading to a crash due to an unassigned bpf_net_context. To mitigate this vulnerability, xdp_do_flush() should only be invoked when the budget is not zero.
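The zero-budget condition described in the summary, as an added user-space model in C (not the sfc driver's or the kernel's code). Every name except `xdp_do_flush` and `bpf_net_context` is hypothetical, and the model assumes the context is assigned only around a regular NAPI poll and returns -1 where the kernel would crash.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model; names are hypothetical, not kernel or sfc symbols. */
struct net_ctx { int pending; int flushed; };

/* Stands in for bpf_net_context: assigned on the NAPI path, not by netpoll. */
static struct net_ctx *cur_ctx = NULL;

/* Model of xdp_do_flush(): the kernel would crash on the unassigned
 * context; the model reports that case as -1 instead. */
static int model_xdp_do_flush(void)
{
    if (cur_ctx == NULL)
        return -1;
    cur_ctx->flushed += cur_ctx->pending;
    cur_ctx->pending = 0;
    return 0;
}

/* Poll routine before the fix: flushes whatever the budget is. */
static int poll_unpatched(int budget)
{
    (void)budget;
    return model_xdp_do_flush();
}

/* Poll routine after the fix: a zero budget (netpoll) skips the flush. */
static int poll_patched(int budget)
{
    return budget == 0 ? 0 : model_xdp_do_flush();
}

/* Regular NAPI path: context assigned around the poll, budget above zero. */
static int run_napi(int (*poll)(int), struct net_ctx *ctx)
{
    cur_ctx = ctx;
    ctx->pending = 3;            /* constructed sample: 3 queued redirects */
    int rc = poll(64);
    cur_ctx = NULL;
    return rc;
}

/* netpoll path: no context assigned, budget of zero. */
static int run_netpoll(int (*poll)(int)) { cur_ctx = NULL; return poll(0); }

int main(void)
{
    printf("netpoll, unpatched: %d\n", run_netpoll(poll_unpatched));
    printf("netpoll, patched:   %d\n", run_netpoll(poll_patched));
    return 0;
}
```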
