PT-2024-33961 · Linux+5 · Linux Kernel+5
Eric Dumazet +2 · Published 2024-10-17 · Updated 2026-02-21 · CVE-2024-50130
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.61

Description:
A slab-use-after-free bug has been identified in the Linux kernel, specifically in the netfilter: bpf component. This issue arises when the nf_unregister_net_hook() function is deferred after exit/close time, potentially due to a missing reference on the net namespace. The bug can be triggered through the bpf_nf_link_release() function, leading to a read of size 8 at a specific memory address. Eric's analysis suggests that the bpf_nf_link_attach() function assigns link->net = net without taking a reference on the net namespace, which may cause the netns to be dismantled or freed prematurely.

Recommendations:
To resolve this issue, update the Linux kernel to version 6.6.61 or later. As a temporary workaround, consider restricting the use of the bpf_nf_link_attach() function until a patch is available. Additionally, avoid using the link->net variable in the affected API endpoints until the issue is resolved.

Exploit
Fix
Use After Free
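The lifetime problem in the description, as an added example that is not part of the original advisory or the kernel source: a userspace C model of a link that stores a namespace pointer with and without taking a reference. All model_* names are hypothetical, and the dismantled flag stands in for the point where the kernel would free the netns, so no memory is actually freed here.

```c
/* Userspace model (constructed; not kernel code). model_* names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct model_net {
    int  refcount;
    bool dismantled;   /* set where the kernel would free the netns */
};

struct model_link {
    struct model_net *net;
    bool holds_ref;    /* did attach pin the namespace? */
};

static void model_put_net(struct model_net *n)
{
    if (--n->refcount == 0)
        n->dismantled = true;
}

/* Attach: the flawed variant only stores the pointer; the hardened one pins it. */
static void model_attach(struct model_link *l, struct model_net *n, bool take_ref)
{
    l->net = n;
    l->holds_ref = take_ref;
    if (take_ref)
        n->refcount++;
}

/* Release: returns true if it touched an already dismantled namespace,
 * which is where the real code would perform the use-after-free read. */
static bool model_release(struct model_link *l)
{
    bool stale = l->net->dismantled;
    if (l->holds_ref)
        model_put_net(l->net);
    return stale;
}

/* Attach, drop the owner's reference (exit/close), then release the link later. */
static bool release_sees_stale_net(bool take_ref)
{
    struct model_net net = { .refcount = 1, .dismantled = false };
    struct model_link link;
    model_attach(&link, &net, take_ref);
    model_put_net(&net);
    return model_release(&link);
}

int main(void)
{
    printf("no reference taken: stale=%d\n", release_sees_stale_net(false));
    printf("reference taken:    stale=%d\n", release_sees_stale_net(true));
    return 0;
}
```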
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu