CVE-2024-50260

In the Linux kernel, the following vulnerability has been resolved: sock_map: fix a NULL pointer dereference in sock_map_link_update_prog() The following race condition could trigger a NULL pointer dereference: sock_map_link_detach(): sock_map_link_update_prog(): mutex_lock(&sockmap_mutex); ... sockmap_link->map = NULL; mutex_unlock(&sockmap_mutex); mutex_lock(&sockmap_mutex); ... sock_map_prog_link_lookup(sockmap_link->map); mutex_unlock(&sockmap_mutex); <continue> Fix it by adding a NULL pointer check. In this specific case, it makes no sense to update a link which is being released.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*

History

13 Nov 2024, 18:47

Type Values Removed Values Added
First Time Linux linux Kernel
Linux
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.7
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/740be3b9a6d73336f8c7d540842d0831dc7a808b - () https://git.kernel.org/stable/c/740be3b9a6d73336f8c7d540842d0831dc7a808b - Patch
References () https://git.kernel.org/stable/c/9afe35fdda16e09d5bd3c49a68ba8c680dd678bd - () https://git.kernel.org/stable/c/9afe35fdda16e09d5bd3c49a68ba8c680dd678bd - Patch
CWE CWE-476

12 Nov 2024, 13:56

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sock_map: corrige una desreferencia de puntero NULL en sock_map_link_update_prog() La siguiente condición de ejecución podría desencadenar una desreferencia de puntero NULL: sock_map_link_detach(): sock_map_link_update_prog(): mutex_lock(&amp;sockmap_mutex); ... sockmap_link-&gt;map = NULL; mutex_unlock(&amp;sockmap_mutex); mutex_lock(&amp;sockmap_mutex); ... sock_map_prog_link_lookup(sockmap_link-&gt;map); mutex_unlock(&amp;sockmap_mutex); Solucione el problema añadiendo una comprobación de puntero NULL. En este caso específico, no tiene sentido actualizar un enlace que se está publicando.

09 Nov 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-09 11:15

Updated : 2024-11-13 18:47


NVD link : CVE-2024-50260

Mitre link : CVE-2024-50260

CVE.ORG link : CVE-2024-50260


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference