目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2024-50263— Linux kernel 安全漏洞

AI 预测 5.5 利用难度: 理论可行 EPSS 0.20% · P11

影响版本矩阵 6

厂商产品版本范围状态
LinuxLinuxd2406291483775ecddaee929231a39c70c08fda2< 3b85aa0da8cd01173b9afd1f70080fbb9576c4b0affected
d2406291483775ecddaee929231a39c70c08fda2< 985da552a98e27096444508ce5d853244019111faffected
6.8affected
< 6.8unaffected
6.11.7≤ 6.11.*unaffected
6.12≤ *unaffected
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2024-50263 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
fork: only invoke khugepaged, ksm hooks if no error
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 ("fork: use __mt_dup() to duplicate maple tree in dup_mmap()") makes this more pertinent as we may be in a state where entries in the maple tree are not yet consistent. Their placement early in dup_mmap() only appears to have been meaningful for early error checking, and since functionally it'd require a very small allocation to fail (in practice 'too small to fail') that'd only occur in the most dire circumstances, meaning the fork would fail or be OOM'd in any case. Since both khugepaged and KSM tracking are there to provide optimisations to memory performance rather than critical functionality, it doesn't really matter all that much if, under such dire memory pressure, we fail to register an mm with these. As a result, we follow the example of commit d2081b2bf819 ("mm: khugepaged: make khugepaged_enter() void function") and make ksm_fork() a void function also. We only expose the mm to these functions once we are done with them and only if no error occurred in the fork operation.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于在错误的情况下调用 khugepaged、ksm。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
LinuxLinux d2406291483775ecddaee929231a39c70c08fda2 ~ 3b85aa0da8cd01173b9afd1f70080fbb9576c4b0 -
LinuxLinux 6.8 -

二、漏洞 CVE-2024-50263 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2024-50263 的情报信息

登录查看更多情报信息。

CVE-2024-50263 厂商安全公告 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2024-50263

暂无评论


发表评论