CVE-2024-50067 — Out-of-bounds Write in Linux

CWE-787 — Out-of-bounds Write CWE-416 — Use After Free71 documents7 sources

Severity

7.8HIGHNVD

OSV8.8OSV5.5

EPSS

0.0%

top 90.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +6 more

Timeline

PublishedOct 28

Latest updateJan 12

Description

In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args Uprobe needs to fetch args into a percpu buffer, and then copy to ring buffer to avoid non-atomic context problem. Sometimes user-space strings, arrays can be very large, but the size of percpu buffer is only page size. And store_trace_args() won't check whether these data exceeds a single page or not, caused out-of-bounds memory access. It could be reproduced by fol…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages11 packages

▶NVDlinux/linux_kernel3.14 — 6.12+1

▶Debianlinux/linux_kernel< 6.1.119-1+2

▶Ubuntulinux/linux_kernel< 5.15.0-164.174+5

▶msrcmsrc/azl3_kernel_6.6.64.2-9_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.92.2-1_on_azure_linux_3.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-iot vulnerabilities↗2026-01-12

▶

OSV

linux-kvm vulnerabilities↗2026-01-09

▶

OSV

linux-raspi, linux-raspi-5.4 vulnerabilities↗2026-01-06

▶

OSV

linux-oracle-5.4 vulnerabilities↗2025-12-19

▶

OSV

linux-raspi vulnerabilities↗2025-12-19

▶

📋Vendor Advisories

Ubuntu

Linux kernel (IoT) vulnerabilities↗2026-01-12

▶

Ubuntu

Linux kernel (KVM) vulnerabilities↗2026-01-09

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2026-01-06

▶

Ubuntu

Linux kernel (Oracle) vulnerabilities↗2025-12-19

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2025-12-19

▶