CVE-2024-50127

HIGH EPSS 15.8%
Published Nov 5, 20241y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Nov 5, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->current_entry_lock' is too small to prevent from such a scenario (which causes use-after-free detected by KASAN). Fix this by prefer 'rcu_replace_pointer()' over 'rcu_assign_pointer()' to update 'admin' immediately before an attempt to schedule freeing.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
15.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥5.2  –  <5.15.170
linuxlinux_kernel*≥5.16  –  <6.1.115
linuxlinux_kernel*≥6.2  –  <6.6.59
linuxlinux_kernel*≥6.7  –  <6.11.6
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any

References 10

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-265688.html
  • git.kernel.org https://git.kernel.org/stable/c/0d4c0d2844e4eac3aed647f948fd7e60eea56a61
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2240f9376f20f8b6463232b4ca7292569217237f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2f868ce6013548a713c431c679ef73747a66fcf3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8a283a19026aaae8a773fd8061263cfa315b127f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/999612996df28d81f163dad530d7f8026e03aec6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f504465970aebb2467da548f7c1efbbf36d0f44b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fe371f084073e8672a2d7d46b335c3c060d1e301
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0d4c0d2844e4eac3aed647f948fd7e60eea56a61
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2240f9376f20f8b6463232b4ca7292569217237f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2f868ce6013548a713c431c679ef73747a66fcf3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8a283a19026aaae8a773fd8061263cfa315b127f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/999612996df28d81f163dad530d7f8026e03aec6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f504465970aebb2467da548f7c1efbbf36d0f44b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fe371f084073e8672a2d7d46b335c3c060d1e301
    Patch