PT-2024-34091 · Linux+6 · Linux Kernel+6

Published: 2024-10-22 · Updated: 2025-10-03 · CVE-2024-50259

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61
Description: A vulnerability in the Linux kernel's netdevsim module has been resolved. The issue was found by a static analyzer: nsim_nexthop_bucket_activity_write() fills a buffer with copy_from_user() and then performs string operations such as sscanf() on it, so a trailing zero needs to be added after the copy to terminate the string. This ensures the function performs properly.
Recommendations: For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider ensuring that all string operations in the nsim_nexthop_bucket_activity_write() function are properly terminated to prevent potential exploitation.
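
The missing-terminator pattern from the description, modelled in user space as an added example; it is not the kernel's code. The names frame, BUF_SZ, copy_in and parse_* and the "%u %hu" input format are assumptions for the demo, and memcpy() stands in for copy_from_user().

```c
#include <stdio.h>
#include <string.h>

#define BUF_SZ 16                 /* assumed size for the demo */

/* Models the handler's stack frame: the first BUF_SZ bytes are the buffer,
 * the rest stands for whatever lies after it. Contents persist between
 * calls, like stale stack data. Bytes past BUF_SZ are never written and
 * stay 0, which keeps this demo's own reads inside the array. */
static char frame[BUF_SZ + 8];

/* Stand-in for copy_from_user(): copies exactly size bytes, adds no NUL. */
static void copy_in(const char *user, size_t size) { memcpy(frame, user, size); }

/* Pattern from the description: string parsing right after the copy. */
int parse_unterminated(const char *user, size_t size,
                       unsigned *nhid, unsigned short *bucket)
{
    if (size > BUF_SZ)
        return -1;
    copy_in(user, size);
    /* sscanf() keeps reading until it meets a NUL, wherever that is */
    return sscanf(frame, "%u %hu", nhid, bucket) == 2 ? 0 : -1;
}

/* Hardened form: reserve one byte for the terminator and write it. */
int parse_terminated(const char *user, size_t size,
                     unsigned *nhid, unsigned short *bucket)
{
    if (size > BUF_SZ - 1)
        return -1;
    copy_in(user, size);
    frame[size] = '\0';
    return sscanf(frame, "%u %hu", nhid, bucket) == 2 ? 0 : -1;
}

int main(void)
{
    unsigned nhid; unsigned short bucket;
    /* Constructed inputs: an earlier write leaves "1 4095" in the buffer. */
    parse_terminated("1 4095", 7, &nhid, &bucket);
    parse_unterminated("12 3", 4, &nhid, &bucket);   /* 4 bytes, no NUL */
    printf("unterminated: nhid=%u bucket=%hu\n", nhid, bucket);  /* 12, 395 */
    parse_terminated("12 3", 4, &nhid, &bucket);
    printf("terminated:   nhid=%u bucket=%hu\n", nhid, bucket);  /* 12, 3 */
    return 0;
}
```

Without the terminator the parse result depends on bytes the caller never sent. In the kernel those bytes are uninitialized stack contents or memory past the buffer, which is the out-of-bounds read this entry lists.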

Out of bounds Read


Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-16040
ALT-PU-2024-17211
ALT-PU-2024-17891
ALT-PU-2025-12647
AZL-53244
AZL-53289
BDU:2025-07891
CVE-2024-50259
DLA-4008-1
DSA-5818-1
MGASA-2024-0368
MGASA-2024-0369
OESA-2024-2522
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_4315-1
OPENSUSE-SU-2024_4346-1
OPENSUSE-SU-2024_4376-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:4315-1
SUSE-SU-2024:4345-1
SUSE-SU-2024:4346-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4376-1
USN-7276-1
USN-7277-1
USN-7288-1
USN-7288-2
USN-7289-1
USN-7289-2
USN-7289-3
USN-7289-4
USN-7291-1
USN-7305-1
USN-7308-1
USN-7310-1
USN-7331-1
USN-7388-1
USN-7389-1
USN-7390-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7458-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

ALT Linux
Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu