Out-of-bounds read in key_task_permission due to incorrect slot handling

CVE-2024-50301

What is CVE-2024-50301?

A vulnerability in the Linux Kernel related to the keyring functionality has been identified, specifically concerning slab-out-of-bounds conditions. When the function 'search_nested_keyrings' processes slots in a node, it’s possible for a slot pointer to become misinterpreted, particularly if a root node points to a shortcut. If 32 keys with similar hashes are added to the system, the nodes may split incorrectly, leading to an out-of-bounds read that bypasses normal access controls. This vulnerability can trigger unintended behavior and potential unauthorized access to user tasks. To remediate this flaw, adjustments to the decision process of whether a pointer is a keyring are necessary, ensuring that it consistently checks pointers regardless of the node type.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References