PT-2024-34001 · Linux+5 · Linux Kernel+5

Published

2024-10-13

·

Updated

2025-10-03

·

CVE-2024-50169

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 6.6.61
Description: A vulnerability in the Linux kernel has been resolved, related to the vsock protocol. The issue was caused by a mismatch in the rx bytes value after a packet was dequeued, leading to a warning on SOCK STREAM recv(). The vulnerability was fixed by updating rx bytes on read skb() and ensuring that virtio transport inc rx pkt() and virtio transport dec rx pkt() calls are balanced. This fix also informs the peer that space has been freed up and it has more credit.
Recommendations: For Linux Kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vsock protocol until a patch is available. Avoid using the rx bytes value in the affected SOCK STREAM recv() function until the issue is resolved.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-17211
ALT-PU-2025-12647
AZL-53450
BDU:2025-07916
CVE-2024-50169
INFSA-2025_6966
MGASA-2024-0368
MGASA-2024-0369
OESA-2024-2492
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4316-1
RHSA-2025:6966
RHSA-2025_6966
SUSE-SU-2024:4314-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Linux Kernel
Linuxmint
Red Hat
Suse
Ubuntu