CVE-2024-50260

MEDIUM

Linux Kernel 6.10-6.11.6 - NULL Pointer Dereference in sock_map_link_update_prog

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: sock_map: fix a NULL pointer dereference in sock_map_link_update_prog() The following race condition could trigger a NULL pointer dereference: sock_map_link_detach(): sock_map_link_update_prog(): mutex_lock(&sockmap_mutex); ... sockmap_link->map = NULL; mutex_unlock(&sockmap_mutex); mutex_lock(&sockmap_mutex); ... sock_map_prog_link_lookup(sockmap_link->map); mutex_unlock(&sockmap_mutex); <continue> Fix it by adding a NULL pointer check. In this specific case, it makes no sense to update a link which is being released.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/9afe35fdda16e09d5bd3c49a68ba8c680dd678bd

Patch

https://git.kernel.org/stable/c/740be3b9a6d73336f8c7d540842d0831dc7a808b

Scores

CVSS v3 4.7

EPSS 0.0017

EPSS Percentile 6.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (9)

linux/Kernel 6.10.0 - 6.11.7linux

Linux/Linux < 6.10

Linux/Linux 6.10

Linux/Linux 6.11.7 - 6.11.*

Linux/Linux 6.12

Linux/Linux 699c23f02c65cbfc3e638f14ce0d70c23a2e1f02 - 740be3b9a6d73336f8c7d540842d0831dc7a808b

Linux/Linux 699c23f02c65cbfc3e638f14ce0d70c23a2e1f02 - 9afe35fdda16e09d5bd3c49a68ba8c680dd678bd

linux/linux_kernel 6.12 rc1 (5 CPE variants)

linux/linux_kernel 6.10 - 6.11.7

Published Nov 09, 2024

Tracked Since Feb 18, 2026