CVE-2024-50145

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 7, 2024
Updated: Nov 15, 2024
CWE ID 476

Summary

CVE-2024-50145 is a vulnerability affecting the Linux kernel. In the function __octep_oq_process_rx(), if the build_skb() call fails because memory cannot be allocated, the system could experience a NULL pointer dereference. This issue occurs during NAPI polling and can falsely indicate to the octep_napi_poll() function that the Rx pressure is decreasing. To mitigate this vulnerability, the Linux kernel now handles skb allocation failures within __octep_oq_process_rx(), avoiding the NULL pointer dereference and preventing the unnecessary propagation of dropped packets up the network stack. The kernel also includes a helper function to unmap and flush the fragment buffers associated with the dropped packet, and increments the 'alloc_failures' counter to mark the error in driver statistics. This vulnerability was discovered by the Linux Verification Center (linuxtesting.org) using SVACE.
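The handling described in the summary, as a user-space C model added here for illustration: it is not the octep driver's code or the upstream patch. Every name in it (rx_queue, alloc_pkt, release_pkt_bufs, process_rx, sample_queue, the fail_mask fault injection) is hypothetical, and alloc_pkt() only stands in for build_skb().

```c
#include <stdlib.h>
#define RING 8  /* hypothetical model: no name below comes from the octep driver */
struct rx_buf { unsigned extra_frags; int mapped; };
struct rx_queue {
    struct rx_buf ring[RING];
    unsigned read_idx, fail_mask;  /* fail_mask bit i: allocation fails for the packet headed at slot i */
    unsigned long delivered, alloc_failures;
};

static void *alloc_pkt(const struct rx_queue *q) {  /* stand-in for build_skb() */
    return ((q->fail_mask >> q->read_idx) & 1u) ? NULL : malloc(64);
}

/* Release the head buffer and every fragment buffer of the current packet. */
static void release_pkt_bufs(struct rx_queue *q) {
    for (unsigned n = 1 + q->ring[q->read_idx].extra_frags; n > 0; n--) {
        q->ring[q->read_idx].mapped = 0;  /* models unmap + flush */
        q->read_idx = (q->read_idx + 1) % RING;
    }
}

/* Returns packets pulled off the ring; dropped ones count too, so Rx pressure is not under-reported. */
static unsigned process_rx(struct rx_queue *q, unsigned pending, unsigned budget) {
    unsigned done = 0;
    for (; done < pending && done < budget; done++) {
        void *pkt = alloc_pkt(q);
        release_pkt_bufs(q);  /* both paths: advance past the whole packet */
        if (!pkt) {           /* allocation failed: account for it and skip */
            q->alloc_failures++;
            continue;
        }
        q->delivered++;
        free(pkt);            /* models handing the packet up the stack */
    }
    return done;
}

/* Constructed sample: 4 packets in 8 buffers; allocation fails at slot 2. */
static struct rx_queue sample_queue(void) {
    struct rx_queue q = { .ring = { {1, 1}, {0, 1}, {2, 1}, {0, 1}, {0, 1}, {0, 1}, {1, 1}, {0, 1} },
                          .fail_mask = 1u << 2 };
    return q;
}

int main(void) {
    struct rx_queue q = sample_queue();
    return process_rx(&q, 4, 16) == 4 && q.alloc_failures == 1 ? 0 : 1;
}
```

In the constructed sample the second packet spans three buffers and its allocation fails; the loop still reports four packets pulled, delivers three, and leaves no buffer mapped.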
