CVE-2024-50123

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 5, 2024

Updated: Nov 8, 2024

CWE ID 125

Summary

CVE-2024-50123 is a newly identified vulnerability in the Linux kernel. It involves an out-of-bounds read issue in the function bpf_link_show_fdinfo(), specifically related to sockmap links. The root cause is a missing BPF_LINK_TYPE invocation for sockmap links. To mitigate this vulnerability, the required BPF_LINK_TYPE invocation has been added, along with comments to prevent similar oversights in the future.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Linux Kernel

Affected Vendors

LINUX

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ztzODt
https://www.cve.org/CVERecord?id=CVE-2024-50123
https://nvd.nist.gov/vuln/detail/CVE-2024-50123

Back to Vulnerability Database