CVE-2024-50260

Sažetak

In the Linux kernel, the following vulnerability has been resolved: sock_map: fix a NULL pointer dereference in sock_map_link_update_prog() The following race condition could trigger a NULL pointer dereference: sock_map_link_detach(): sock_map_link_update_prog(): mutex_lock(&sockmap_mutex); ... sockmap_link->map = NULL; mutex_unlock(&sockmap_mutex); mutex_lock(&sockmap_mutex); ... sock_map_prog_link_lookup(sockmap_link->map); mutex_unlock(&sockmap_mutex); <continue> Fix it by adding a NULL pointer check. In this specific case, it makes no sense to update a link which is being released.

Reference

https://git.kernel.org/stable/c/740be3b9a6d73336f8c7d540842d0831dc7a808b
https://git.kernel.org/stable/c/9afe35fdda16e09d5bd3c49a68ba8c680dd678bd

CVSS

Base:	4.7
Impact:	3.6
Exploitability:	1.0

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Zadnje važnije ažuriranje

13-11-2024 - 18:47

Objavljeno

09-11-2024 - 11:15