NULL Pointer Dereference Vulnerability in Linux Kernel Sock Map
CVE-2024-50260

4.7MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 November 2024

🔔 Create Linux Vulnerability Alert

What is CVE-2024-50260?

In the Linux kernel, the following vulnerability has been resolved:

sock_map: fix a NULL pointer dereference in sock_map_link_update_prog()

The following race condition could trigger a NULL pointer dereference:

sock_map_link_detach(): sock_map_link_update_prog(): mutex_lock(&sockmap_mutex); ... sockmap_link->map = NULL; mutex_unlock(&sockmap_mutex); mutex_lock(&sockmap_mutex); ... sock_map_prog_link_lookup(sockmap_link->map); mutex_unlock(&sockmap_mutex);

Fix it by adding a NULL pointer check. In this specific case, it makes no sense to update a link which is being released.

Affected Version(s)

Linux 699c23f02c65cbfc3e638f14ce0d70c23a2e1f02 < 9afe35fdda16e09d5bd3c49a68ba8c680dd678bd

Linux 699c23f02c65cbfc3e638f14ce0d70c23a2e1f02 < 740be3b9a6d73336f8c7d540842d0831dc7a808b

Linux 6.10

References

https://git.kernel.org/stable/c/9afe35fdda16e09d5bd3c49a6...

https://git.kernel.org/stable/c/740be3b9a6d73336f8c7d5408...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 9, 2024
Vulnerability Reserved
Oct 21, 2024