PT-2024-9882 · Linux+11 · Linux Kernel+11

Hyunwoo Kim

·

Published

2024-10-21

·

Updated

2026-01-15

·

CVE-2024-50264

CVSS v3.1

7.8

High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerable software name and affected versions
Linux kernel (affected versions not specified)
Description
The issue is related to the initialization of a dangling pointer in the vsock/virtio module, which can lead to a use-after-free condition. This could allow an attacker to cause a denial of service or, possibly, execute arbitrary code. The vulnerability is resolved by initializing the pointer to NULL. It is estimated that more than 55.7 million services may be affected. The vulnerability has already been exploited in real incidents, including a demonstration at Zer0Con 2025 using the open-source project kernel-hack-drill.
Recommendations
At this time, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Use After Free


Weakness Enumeration

Related identifiers

ALSA-2024:10943
ALSA-2024:10944
ALSA-2024_10943
ALSA-2024_10944
ALSA-2025:2627
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALSA-2025_2627
ALT-PU-2024-16040
ALT-PU-2024-17099
ALT-PU-2024-17211
ALT-PU-2024-17254
ALT-PU-2024-17891
ALT-PU-2025-12647
ASB-A-378870958
AZL-53507
AZL-53672
BDU:2024-11660
CESA-2024_10943
CESA-2024_10944
CVE-2024-50264
DLA-4008-1
DLA-4075-1
DSA-5818-1
INFSA-2024_10943
INFSA-2024_10944
INFSA-2025_2627
LSN-0108-1
LSN-0109-1
OESA-2024-2522
OESA-2025-1033
OESA-2025-1034
OESA-2025-1035
OESA-2025-1037
OPENSUSE-SU-2024_4313-1
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4315-1
OPENSUSE-SU-2024_4316-1
OPENSUSE-SU-2024_4346-1
OPENSUSE-SU-2024_4376-1
OPENSUSE-SU-2025_0098-1
OPENSUSE-SU-2025_0101-1
OPENSUSE-SU-2025_0105-1
OPENSUSE-SU-2025_0106-1
OPENSUSE-SU-2025_0107-1
OPENSUSE-SU-2025_0108-1
OPENSUSE-SU-2025_0109-1
OPENSUSE-SU-2025_0110-1
OPENSUSE-SU-2025_0111-1
OPENSUSE-SU-2025_0112-1
OPENSUSE-SU-2025_0114-1
OPENSUSE-SU-2025_0115-1
OPENSUSE-SU-2025_0123-1
OPENSUSE-SU-2025_0124-1
OPENSUSE-SU-2025_0131-1
OPENSUSE-SU-2025_0132-1
OPENSUSE-SU-2025_0136-1
OPENSUSE-SU-2025_0137-1
OPENSUSE-SU-2025_0138-1
OPENSUSE-SU-2025_0146-1
OPENSUSE-SU-2025_0150-1
OPENSUSE-SU-2025_0158-1
OPENSUSE-SU-2025_0164-1
OPENSUSE-SU-2025_0168-1
OPENSUSE-SU-2025_0172-1
OPENSUSE-SU-2025_0173-1
OPENSUSE-SU-2025_0177-1
OPENSUSE-SU-2025_0179-1
OPENSUSE-SU-2025_0180-1
OPENSUSE-SU-2025_0181-1
OPENSUSE-SU-2025_0184-1
OPENSUSE-SU-2025_0185-1
OPENSUSE-SU-2025_0187-1
OPENSUSE-SU-2025_0188-1
OPENSUSE-SU-2025_0238-1
OPENSUSE-SU-2025_0239-1
OPENSUSE-SU-2025_0240-1
OPENSUSE-SU-2025_0243-1
OPENSUSE-SU-2025_0244-1
OPENSUSE-SU-2025_0245-1
OPENSUSE-SU-2025_0246-1
OPENSUSE-SU-2025_0248-1
OPENSUSE-SU-2025_0249-1
OPENSUSE-SU-2025_0251-1
OPENSUSE-SU-2025_0252-1
OPENSUSE-SU-2025_0253-1
OPENSUSE-SU-2025_0254-1
OPENSUSE-SU-2025_0255-1
OPENSUSE-SU-2025_0260-1
OPENSUSE-SU-2025_0261-1
OPENSUSE-SU-2025_0262-1
OPENSUSE-SU-2025_0264-1
OPENSUSE-SU-2025_0265-1
OPENSUSE-SU-2025_0266-1
RHSA-2024:10943
RHSA-2024:10944
RHSA-2024_10943
RHSA-2024_10944
RHSA-2025:2627
RHSA-2025:3510
RHSA-2025_2627
RLSA-2024:10943
RLSA-2024:10944
SUSE-SU-2024:4313-1
SUSE-SU-2024:4314-1
SUSE-SU-2024:4315-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4317-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4345-1
SUSE-SU-2024:4346-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4367-1
SUSE-SU-2024:4376-1
SUSE-SU-2024:4387-1
SUSE-SU-2024:4388-1
SUSE-SU-2025:0035-1
SUSE-SU-2025:0083-1
SUSE-SU-2025:0084-1
SUSE-SU-2025:0085-1
SUSE-SU-2025:0089-1
SUSE-SU-2025:0090-1
SUSE-SU-2025:0091-1
SUSE-SU-2025:0094-1
SUSE-SU-2025:0097-1
SUSE-SU-2025:0098-1
SUSE-SU-2025:0100-1
SUSE-SU-2025:0101-1
SUSE-SU-2025:0103-1
SUSE-SU-2025:0105-1
SUSE-SU-2025:0106-1
SUSE-SU-2025:0107-1
SUSE-SU-2025:0108-1
SUSE-SU-2025:0109-1
SUSE-SU-2025:0110-1
SUSE-SU-2025:0111-1
SUSE-SU-2025:0112-1
SUSE-SU-2025:0114-1
SUSE-SU-2025:0115-1
SUSE-SU-2025:0123-1
SUSE-SU-2025:0124-1
SUSE-SU-2025:0131-1
SUSE-SU-2025:0132-1
SUSE-SU-2025:0136-1
SUSE-SU-2025:0137-1
SUSE-SU-2025:0138-1
SUSE-SU-2025:0146-1
SUSE-SU-2025:0150-1
SUSE-SU-2025:0158-1
SUSE-SU-2025:0164-1
SUSE-SU-2025:0168-1
SUSE-SU-2025:0172-1
SUSE-SU-2025:0173-1
SUSE-SU-2025:0177-1
SUSE-SU-2025:0179-1
SUSE-SU-2025:0180-1
SUSE-SU-2025:0181-1
SUSE-SU-2025:0184-1
SUSE-SU-2025:0185-1
SUSE-SU-2025:0187-1
SUSE-SU-2025:0188-1
SUSE-SU-2025:0238-1
SUSE-SU-2025:0239-1
SUSE-SU-2025:0240-1
SUSE-SU-2025:0243-1
SUSE-SU-2025:0244-1
SUSE-SU-2025:0245-1
SUSE-SU-2025:0246-1
SUSE-SU-2025:0248-1
SUSE-SU-2025:0249-1
SUSE-SU-2025:0251-1
SUSE-SU-2025:0252-1
SUSE-SU-2025:0253-1
SUSE-SU-2025:0254-1
SUSE-SU-2025:0255-1
SUSE-SU-2025:0260-1
SUSE-SU-2025:0261-1
SUSE-SU-2025:0262-1
SUSE-SU-2025:0264-1
SUSE-SU-2025:0265-1
SUSE-SU-2025:0266-1
SUSE-SU-2025:0269-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
SUSE-SU-2025:4123-1
USN-7167-1
USN-7167-2
USN-7169-1
USN-7169-2
USN-7169-3
USN-7169-4
USN-7169-5
USN-7170-1
USN-7173-1
USN-7173-2
USN-7173-3
USN-7179-1
USN-7179-2
USN-7179-3
USN-7179-4
USN-7185-1
USN-7185-2
USN-7186-1
USN-7186-2
USN-7194-1
USN-7195-1
USN-7195-2
USN-7196-1
USN-7413-1

Affected products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu