7

CVE-2024-50036

EPSS 0.06%
Published 21.10.2024 20:15:16
Last modified 03.11.2025 23:16:42
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

net: do not delay dst_entries_add() in dst_release()

dst_entries_add() uses per-cpu data that might be freed at netns
dismantle from ip6_route_net_exit() calling dst_entries_destroy()

Before ip6_route_net_exit() can be called, we release all
the dsts associated with this netns, via calls to dst_release(),
which waits an rcu grace period before calling dst_destroy()

dst_entries_add() use in dst_destroy() is racy, because
dst_entries_destroy() could have been called already.

Decrementing the number of dsts must happen sooner.

Notes:

1) in CONFIG_XFRM case, dst_destroy() can call
   dst_release_immediate(child), this might also cause UAF
   if the child does not have DST_NOCOUNT set.
   IPSEC maintainers might take a look and see how to address this.

2) There is also discussion about removing this count of dst,
   which might happen in future kernels.

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.10.50 < 3.11

Linux ≫ Linux Kernel Version >= 3.12.26 < 3.13

Linux ≫ Linux Kernel Version >= 3.14.14 < 3.15

Linux ≫ Linux Kernel Version >= 3.15.7 < 3.16

Linux ≫ Linux Kernel Version >= 3.16 < 6.6.57

Linux ≫ Linux Kernel Version >= 6.7 < 6.11.4

Linux ≫ Linux Kernel Version6.12 Updaterc1

Linux ≫ Linux Kernel Version6.12 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.183

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

https://git.kernel.org/stable/c/3c7c918ec0aa3555372c5a57f18780b7a96c5cfc

Patch

https://git.kernel.org/stable/c/547087307bc19417b4f2bc85ba9664a3e8db5a6a

https://git.kernel.org/stable/c/a60db84f772fc3a906c6c4072f9207579c41166f

https://git.kernel.org/stable/c/ac888d58869bb99753e7652be19a151df9ecb35d

Patch

https://git.kernel.org/stable/c/e3915f028b1f1c37e87542e5aadd33728c259d96

https://git.kernel.org/stable/c/eae7435b48ffc8e9be0ff9cfeae40af479a609dd

Patch

https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

https://nvd.nist.gov/vuln/detail/CVE-2024-50036

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-50036

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-50036

EUVD