PT-2024-34118 · Linux+3 · Linux Kernel+3

Syzbot

·

Published

2024-11-07

·

Updated

2025-07-16

·

CVE-2024-50293

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc6-next-20241106-syzkaller
Description: A vulnerability has been resolved in the Linux kernel, specifically in the net/smc component, where a dangling sk pointer is left in the smc create() function. This issue was discovered by syzbot, thanks to a commit that prints a warning when the pf->create() function does not clear the sock->sk on failure. The vulnerability affects AF SMC with family: 43, type: 1, protocol: 0.
Recommendations: As a temporary workaround, consider disabling the smc create() function until a patch is available. Update to a version of the Linux kernel that includes the fix for this issue, which is available in versions after 6.12.0-rc6-next-20241106-syzkaller.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-07221
CVE-2024-50293
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
USN-7276-1
USN-7277-1
USN-7310-1

Affected Products

Linuxmint
Linux Kernel
Suse
Ubuntu