PT-2024-10024 · Linux+11 · Linux Kernel+11

Chen Ridong

+1

·

Published

2024-11-04

·

Updated

2025-11-18

·

CVE-2024-50301

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10.0-14930-gafbffd6c3ede
Description The issue is related to a slab-out-of-bounds read in the key task permission function. This can be caused by a mistake in the search nested keyrings function when it iterates through slots in a node. If a slot pointer is meta and the node's back pointer is not null, it proceeds to descend to node. However, if the node is the root and one of the slots points to a shortcut, it may be treated as a keyring, leading to a read out-of-bounds. The vulnerability can be reproduced by obtaining more than 32 inputs with similar hashes and rebooting and adding these keys.
Recommendations To fix this issue, one should jump to descend to node if the pointer is a shortcut, regardless of whether the node is the root or not. As a temporary workaround, consider restricting access to the search nested keyrings function until a patch is available.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2025:17377
ALSA-2025:9580
ALSA-2025:9581
ALT-PU-2024-16040
ALT-PU-2024-17099
ALT-PU-2024-17211
ALT-PU-2024-17254
ALT-PU-2024-17891
ALT-PU-2025-12647
AZL-53429
AZL-53648
BDU:2025-00152
CESA-2025_9580
CESA-2025_9581
CVE-2024-50301
DLA-4008-1
DLA-4075-1
DSA-5818-1
INFSA-2025_17377
INFSA-2025_9580
INFSA-2025_9581
OESA-2024-2493
OESA-2024-2494
OESA-2024-2495
OESA-2024-2536
OESA-2024-2537
OPENSUSE-SU-2024_4313-1
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4315-1
OPENSUSE-SU-2024_4316-1
OPENSUSE-SU-2024_4346-1
OPENSUSE-SU-2024_4376-1
RHSA-2025:17377
RHSA-2025:9580
RHSA-2025:9581
RHSA-2025_17377
RHSA-2025_9580
RHSA-2025_9581
SUSE-SU-2024:4313-1
SUSE-SU-2024:4314-1
SUSE-SU-2024:4315-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4317-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4345-1
SUSE-SU-2024:4346-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4367-1
SUSE-SU-2024:4376-1
SUSE-SU-2024:4387-1
SUSE-SU-2024:4388-1
SUSE-SU-2025:0035-1
SUSE-SU-2025:02069-1
SUSE-SU-2025:02070-1
SUSE-SU-2025:02071-1
SUSE-SU-2025:02075-1
SUSE-SU-2025:02076-1
SUSE-SU-2025:02077-1
SUSE-SU-2025:02095-1
SUSE-SU-2025:02096-1
SUSE-SU-2025:02101-1
SUSE-SU-2025:02106-1
SUSE-SU-2025:02107-1
SUSE-SU-2025:02110-1
SUSE-SU-2025:02111-1
SUSE-SU-2025:02113-1
SUSE-SU-2025:02116-1
SUSE-SU-2025:02117-1
SUSE-SU-2025:02124-1
SUSE-SU-2025:02125-1
SUSE-SU-2025:02126-1
SUSE-SU-2025:02127-1
SUSE-SU-2025:02131-1
SUSE-SU-2025:02134-1
SUSE-SU-2025:02136-1
SUSE-SU-2025:02139-1
SUSE-SU-2025:02140-1
SUSE-SU-2025:02142-1
SUSE-SU-2025:02144-1
SUSE-SU-2025:02154-1
SUSE-SU-2025:02157-1
SUSE-SU-2025:02162-1
SUSE-SU-2025:02171-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
SUSE-SU-2025:20431-1
SUSE-SU-2025:20435-1
SUSE-SU-2025:20436-1
SUSE-SU-2025:20437-1
SUSE-SU-2025:20448-1
SUSE-SU-2025:20450-1
SUSE-SU-2025:4123-1
USN-7276-1
USN-7277-1
USN-7288-1
USN-7288-2
USN-7289-1
USN-7289-2
USN-7289-3
USN-7289-4
USN-7291-1
USN-7293-1
USN-7294-1
USN-7294-2
USN-7294-3
USN-7294-4
USN-7295-1
USN-7305-1
USN-7308-1
USN-7310-1
USN-7331-1
USN-7388-1
USN-7389-1
USN-7390-1
USN-7393-1
USN-7401-1
USN-7413-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7458-1
USN-7468-1
USN-7523-1
USN-7524-1
USN-7539-1
USN-7540-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu