PT-2024-33931 · Linux+11 · Linux Kernel+11

Published

2024-11-05

·

Updated

2025-10-03

·

CVE-2024-50099

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue concerns the Linux kernel's arm64 probes, specifically the removal of broken LDR (literal) uprobe support. The simulate ldr literal() and simulate ldrsw literal() functions are unsafe for use with uprobes as they access memory with plain C accesses, which can lead to faults and kernel thread kills. There are three key problems:
  1. The plain C accesses lack corresponding extable entries, resulting in BUG() and potential lockup or panic.
  2. These accesses are subject to HW PAN and SW PAN, causing faults when simulating user instructions on systems with these features.
  3. The plain C accesses are privileged, running in kernel context and potentially accessing a small range of kernel virtual addresses.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

ALSA-2024:10943
ALSA-2024:10944
ALSA-2024:11486
ALSA-2024_10943
ALSA-2024_10944
ALSA-2024_11486
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-14505
ALT-PU-2024-15251
ALT-PU-2024-15739
ALT-PU-2024-16172
ALT-PU-2024-17211
ALT-PU-2025-12647
AZL-52555
AZL-52578
BDU:2025-03358
CESA-2024_10943
CESA-2024_10944
CVE-2024-50099
DLA-4008-1
DLA-4075-1
INFSA-2024_10943
INFSA-2024_10944
INFSA-2024_11486
OESA-2024-2424
OESA-2024-2425
OESA-2024-2445
OESA-2024-2446
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4315-1
OPENSUSE-SU-2024_4316-1
OPENSUSE-SU-2024_4376-1
OPENSUSE-SU-2025:14705-1
RHSA-2024:10943
RHSA-2024:10944
RHSA-2024:11486
RHSA-2024_10943
RHSA-2024_10944
RHSA-2024_11486
RHSA-2025:2270
RLSA-2024:10943
RLSA-2024:10944
SUSE-SU-2024:4314-1
SUSE-SU-2024:4315-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4367-1
SUSE-SU-2024:4376-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:0035-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7288-1
USN-7288-2
USN-7289-1
USN-7289-2
USN-7289-3
USN-7289-4
USN-7291-1
USN-7293-1
USN-7294-1
USN-7294-2
USN-7294-3
USN-7294-4
USN-7295-1
USN-7305-1
USN-7308-1
USN-7310-1
USN-7331-1
USN-7383-1
USN-7383-2
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7388-1
USN-7389-1
USN-7390-1
USN-7393-1
USN-7401-1
USN-7403-1
USN-7413-1
USN-7451-1
USN-7458-1
USN-7468-1
USN-7523-1
USN-7524-1
USN-7539-1
USN-7540-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu