PT-2024-33943 · Linux+10 · Linux Kernel+10

Published: 2024-11-05 · Updated: 2025-10-03 · CVE-2024-50110

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61
Description: A kernel infoleak was discovered in the Linux kernel's xfrm algorithm dumping functionality. The issue was found during fuzz testing and is related to the copying of xfrm algorithms, where some random data in the structure fields can end up in user space. Padding in structures may be filled with random, possibly sensitive data and should never be given directly to user space. The issue was discovered by the Linux Verification Center with Syzkaller.
Recommendations: For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider restricting access to the xfrm algorithm dumping functionality until the update is applied.

Weakness Enumeration

Use of Uninitialized Resource
Memory Leak

Related Identifiers

ALSA-2024:10943
ALSA-2024:10944
ALSA-2024:11486
ALSA-2024_10943
ALSA-2024_10944
ALSA-2024_11486
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-15245
ALT-PU-2024-15251
ALT-PU-2024-17211
ALT-PU-2025-12647
AZL-52479
AZL-52526
BDU:2025-03365
CESA-2024_10943
CESA-2024_10944
CVE-2024-50110
DLA-4008-1
INFSA-2024_10943
INFSA-2024_10944
INFSA-2024_11486
MGASA-2024-0368
MGASA-2024-0369
OESA-2025-1097
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4315-1
OPENSUSE-SU-2024_4316-1
OPENSUSE-SU-2024_4376-1
OPENSUSE-SU-2025:14705-1
RHSA-2024:10943
RHSA-2024:10944
RHSA-2024:11486
RHSA-2024_10943
RHSA-2024_10944
RHSA-2024_11486
RHSA-2025:1658
RLSA-2024:10943
RLSA-2024:10944
SUSE-SU-2024:4314-1
SUSE-SU-2024:4315-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4376-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7288-1
USN-7288-2
USN-7289-1
USN-7289-2
USN-7289-3
USN-7289-4
USN-7291-1
USN-7305-1
USN-7308-1
USN-7310-1
USN-7331-1
USN-7388-1
USN-7389-1
USN-7390-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7458-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu