CVE-2024-50154 — Use After Free in Linux
Severity
7.0HIGHNVD
OSV8.8OSV7.8OSV5.5
EPSS
0.0%
top 94.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 7
Latest updateMay 26
Description
In the Linux kernel, the following vulnerability has been resolved:
tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
Martin KaFai Lau reported use-after-free [0] in reqsk_timer_handler().
"""
We are seeing a use-after-free from a bpf prog attached to
trace_tcp_retransmit_synack. The program passes the req->sk to the
bpf_sk_storage_get_tracing kernel helper which does check for null
before using it.
"""
The commit 83fccfc3940c ("inet: fix potential deadlock in
reqsk_queue_unlink()…
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9