CVE-2024-50085 — Use After Free in Linux

CWE-416 — Use After Free62 documents7 sources

Severity

5.5MEDIUMNVD

OSV8.8OSV7.8

EPSS

0.0%

top 97.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +6 more

Timeline

PublishedOct 29

Latest updateMay 26

Description

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow Syzkaller reported this splat: BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881 Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662 CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages11 packages

▶debiandebian/linux< linux 6.1.115-1 (bookworm)

▶debiandebian/linux-6.1< linux 6.1.115-1 (bookworm)

▶NVDlinux/linux_kernel5.15.167 — 5.15.169+5

▶Debianlinux/linux_kernel< 6.1.115-1+2

▶Ubuntulinux/linux_kernel< 5.15.0-133.144+2

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-raspi vulnerabilities↗2025-05-26

▶

OSV

linux-raspi-realtime vulnerabilities↗2025-05-20

▶

OSV

linux-azure-nvidia vulnerabilities↗2025-04-28

▶

OSV

linux-ibm-5.15 vulnerabilities↗2025-04-24

▶

OSV

linux-aws-6.8 vulnerabilities↗2025-04-23

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2025-05-26

▶

Ubuntu

Linux kernel (Raspberry Pi Real-time) vulnerabilities↗2025-05-20

▶

Ubuntu

Linux kernel (Azure, N-Series) vulnerabilities↗2025-04-28

▶

Ubuntu

Linux kernel (IBM) vulnerabilities↗2025-04-24

▶

Ubuntu

Linux kernel vulnerabilities↗2025-04-23

▶