Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2024-50186— net: explicitly clear the sk pointer, when pf->create fails

AI Predicted 6.5 Difficulty: Moderate EPSS 0.23% · P14

Affected Version Matrix 17

VendorProductVersion RangeStatus
LinuxLinux78e4aa528a7b1204219d808310524344f627d069< daf462ff3cde6ecf22b98d9ae770232c10d28de2affected
893eeba94c40d513cd0fe6539330ebdaea208c0e< b7d22a79ff4e962b8af5ffe623abd1d6c179eb9faffected
454c454ed645fed051216b79622f7cb69c1638f5< 563e6892e21d6ecabdf62103fc4e7b326d212334affected
6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2< 8e1b72fd74bf9da3b099d09857f4e7f114f38e12affected
6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2< 631083143315d1b192bd7d915b967b37819e88eaaffected
5dfe2408fd7dc4d2e7ac38a116ff0a37b1cfd3b9affected
5.15.162< 5.15.168affected
6.1.96< 6.1.113affected
… +9 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-50186

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
net: explicitly clear the sk pointer, when pf->create fails
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: explicitly clear the sk pointer, when pf->create fails We have recently noticed the exact same KASAN splat as in commit 6cd4a78d962b ("net: do not leave a dangling sk pointer, when socket creation fails"). The problem is that commit did not fully address the problem, as some pf->create implementations do not use sk_common_release in their error paths. For example, we can use the same reproducer as in the above commit, but changing ping to arping. arping uses AF_PACKET socket and if packet_create fails, it will just sk_free the allocated sk object. While we could chase all the pf->create implementations and make sure they NULL the freed sk object on error from the socket, we can't guarantee future protocols will not make the same mistake. So it is easier to just explicitly NULL the sk pointer upon return from pf->create in __sock_create. We do know that pf->create always releases the allocated sk object on error, so if the pointer is not NULL, it is definitely dangling.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于在socket创建失败时sk指针未清除。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 78e4aa528a7b1204219d808310524344f627d069 ~ daf462ff3cde6ecf22b98d9ae770232c10d28de2 -
LinuxLinux 6.10 -

II. Public POCs for CVE-2024-50186

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-50186

登录查看更多情报信息。

Patches & Fixes for CVE-2024-50186 (5)

Same Patch Batch · Linux · 2024-11-08 · 38 CVEs total

CVE-2024-50203bpf, arm64: Fix address emission with tag-based KASAN enabled
CVE-2024-50194arm64: probes: Fix uprobes for big-endian kernels
CVE-2024-50195posix-clock: Fix missing timespec64 check in pc_clock_settime()
CVE-2024-50196pinctrl: ocelot: fix system hang on level based interrupts
CVE-2024-50197pinctrl: intel: platform: fix error path in device_for_each_child_node()
CVE-2024-50198iio: light: veml6030: fix IIO device retrieval from embedded device
CVE-2024-50199mm/swapfile: skip HugeTLB pages for unuse_vma
CVE-2024-50200maple_tree: correct tree corruption on spanning store
CVE-2024-50201drm/radeon: Fix encoder->possible_clones
CVE-2024-50202nilfs2: propagate directory read errors from nilfs_find_entry()
CVE-2024-50193x86/entry_32: Clear CPU buffers after register restore in NMI return
CVE-2024-50204fs: don't try and remove empty rbtree node
CVE-2024-50205ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
CVE-2024-50206net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init
CVE-2024-50207ring-buffer: Fix reader locking when changing the sub buffer order
CVE-2024-50209RDMA/bnxt_re: Add a check for memory allocation
CVE-2024-50208RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
CVE-2024-50210posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
CVE-2024-50211udf: refactor inode_bmap() to handle error
CVE-2024-50183scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance

Showing top 20 of 38 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2024-50186

No comments yet


Leave a comment