CVE-2024-50167

MEDIUM

Linux Kernel Use-After-Free in be_xmit()

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: be2net: fix potential memory leak in be_xmit() The be_xmit() returns NETDEV_TX_OK without freeing skb in case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it.

References (10)

Core 10

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Mailing List

https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Patch

https://git.kernel.org/stable/c/941026023c256939943a47d1c66671526befbb26

Patch

https://git.kernel.org/stable/c/6b7ce8ee01c33c380aaa5077ff25215492e7eb0e

Patch

https://git.kernel.org/stable/c/77bc881d370e850b7f3cd2b5eae67d596b40efbc

Patch

https://git.kernel.org/stable/c/919ab6e2370289a2748780f44a43333cd3878aa7

Patch

https://git.kernel.org/stable/c/4c5f170ef4f85731a4d43ad9a6ac51106c0946be

Patch

https://git.kernel.org/stable/c/641c1beed52bf3c6deb0193fe4d38ec9ff75d2ae

Patch

https://git.kernel.org/stable/c/e86a79b804e26e3b7f1e415b22a085c0bb7ea3d3

Patch

https://git.kernel.org/stable/c/e4dd8bfe0f6a23acd305f9b892c00899089bd621

Scores

CVSS v3 5.5

EPSS 0.0025

EPSS Percentile 16.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (27)

linux/Kernel 4.2.0 - 4.19.323linux

linux/Kernel 4.20.0 - 5.4.285linux

linux/Kernel 5.11.0 - 5.15.170linux

linux/Kernel 5.16.0 - 6.1.115linux

linux/Kernel 5.5.0 - 5.10.229linux

linux/Kernel 6.2.0 - 6.6.59linux

linux/Kernel 6.7.0 - 6.11.6linux

Linux/Linux < 4.2

Linux/Linux 4.19.323 - 4.19.*

Linux/Linux 4.2

... and 17 more

Published Nov 07, 2024

Tracked Since Feb 18, 2026