Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-50293

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
19/11/2024
Last modified:
01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/smc: do not leave a dangling sk pointer in __smc_create()<br /> <br /> Thanks to commit 4bbd360a5084 ("socket: Print pf-&gt;create() when<br /> it does not clear sock-&gt;sk on failure."), syzbot found an issue with AF_SMC:<br /> <br /> smc_create must clear sock-&gt;sk on failure, family: 43, type: 1, protocol: 0<br /> WARNING: CPU: 0 PID: 5827 at net/socket.c:1565 __sock_create+0x96f/0xa30 net/socket.c:1563<br /> Modules linked in:<br /> CPU: 0 UID: 0 PID: 5827 Comm: syz-executor259 Not tainted 6.12.0-rc6-next-20241106-syzkaller #0<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024<br /> RIP: 0010:__sock_create+0x96f/0xa30 net/socket.c:1563<br /> Code: 03 00 74 08 4c 89 e7 e8 4f 3b 85 f8 49 8b 34 24 48 c7 c7 40 89 0c 8d 8b 54 24 04 8b 4c 24 0c 44 8b 44 24 08 e8 32 78 db f7 90 0b 90 90 e9 d3 fd ff ff 89 e9 80 e1 07 fe c1 38 c1 0f 8c ee f7<br /> RSP: 0018:ffffc90003e4fda0 EFLAGS: 00010246<br /> RAX: 099c6f938c7f4700 RBX: 1ffffffff1a595fd RCX: ffff888034823c00<br /> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000<br /> RBP: 00000000ffffffe9 R08: ffffffff81567052 R09: 1ffff920007c9f50<br /> R10: dffffc0000000000 R11: fffff520007c9f51 R12: ffffffff8d2cafe8<br /> R13: 1ffffffff1a595fe R14: ffffffff9a789c40 R15: ffff8880764298c0<br /> FS: 000055557b518380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 00007fa62ff43225 CR3: 0000000031628000 CR4: 00000000003526f0<br /> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> Call Trace:<br /> <br /> sock_create net/socket.c:1616 [inline]<br /> __sys_socket_create net/socket.c:1653 [inline]<br /> __sys_socket+0x150/0x3c0 net/socket.c:1700<br /> __do_sys_socket net/socket.c:1714 [inline]<br /> __se_sys_socket net/socket.c:1712 [inline]<br /> <br /> For reference, see commit 2d859aff775d ("Merge branch<br /> &amp;#39;do-not-leave-dangling-sk-pointers-in-pf-create-functions&amp;#39;")

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.80 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x
7.80
Severity 3.x
HIGH

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.11 (including) 6.11.8 (excluding)
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools