CVE-2024-50096

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 5, 2024

Updated: Nov 12, 2024

Summary

CVE-2024-50096 is a vulnerability affecting the Linux kernel's nouveau driver. The issue lies in the `nouveau_dmem_copy_one` function, which sends a copy push command to the device firmware but fails to track whether it was executed successfully. In case of a copy error, the function may report success, and the `migrate_to_ram` function could return a dirty HIGH_USER page containing sensitive or corrupted data to the user. To mitigate this vulnerability, the affected kernel has been updated to allocate a zero page to be returned in the event of an error.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ztyLgf
https://www.cve.org/CVERecord?id=CVE-2024-50096
https://nvd.nist.gov/vuln/detail/CVE-2024-50096

Back to Vulnerability Database

CVE-2024-50096

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations