CVE-2024-50130

Summary

CVE-2024-50130 is a vulnerability affecting the Linux kernel's netfilter subsystem. The issue stems from a use-after-free condition in the function __nf_unregister_net_hook(). This bug occurs when bpf fails to hold a reference on the associated net namespace, allowing the netns to be dismantled or freed before the hook registration is complete. As a result, a read operation attempts to access memory that has already been freed, potentially leading to unexpected behavior or system crashes. To address this vulnerability, it is recommended to ensure that netfilter properly holds a reference on the net namespace during hook registration and release it after the unregistration process. This change should prevent the use-after-free condition and mitigate the associated risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.