Linux · Linux Kernel · CVE-2024-50281
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the KEYS: trusted: dcp component. This issue occurs when sealing or unsealing a key blob, as the system does not wait for the AEAD cipher operation to finish before resuming the seal and unseal calls. Under heavy system load, this can result in the buffer being removed from the stack before the cipher operation is complete, leading to NULL pointer dereference errors in the DCP driver during blob creation.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.