PT-2024-33874 · Linux+3 · Linux Kernel+3
Eric Dumazet · Published 2024-10-10 · Updated 2026-05-26 · CVE-2024-50034
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.11.0-rc7-syzkaller-g5f5673607153
Description:
The issue is related to a panic on IPPROTO_SMC in the Linux kernel. When INET_PROTOSW_ICSK is set, icsk->icsk_sync_mss must also be set. The problem occurs due to a lack of synchronization of MSS within __sys_connect_file for AF_SMC. This can lead to a kernel NULL pointer dereference. A patch has been added to prevent such panic by performing a simple return, laying the groundwork for future support of this feature for IPPROTO_SMC.
Recommendations:
For Linux kernel versions prior to 6.11.0-rc7-syzkaller-g5f5673607153, consider applying the patch that adds a toy implementation to prevent the panic. This patch performs a simple return to prevent the kernel NULL pointer dereference, providing a temporary solution until full support for synchronizing MSS within __sys_connect_file for AF_SMC is implemented.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Linux Kernel
Suse
Ubuntu