7.8 CVE-2024-50264
Patch
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
During loopback communication, a dangling pointer can be created in
vsk->trans, potentially leading to a Use-After-Free condition. This
issue is resolved by initializing vsk->trans to NULL.
https://nvd.nist.gov/vuln/detail/CVE-2024-50264
Categories
CWE-416
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch
CPE
cpe | start | end |
---|---|---|
Configuration 1 | ||
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 4.8 | < 4.19.324 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 4.20 | < 5.4.286 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 5.5 | < 5.10.230 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 5.11 | < 5.15.172 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 5.16 | < 6.1.117 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 6.2 | < 6.6.61 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 6.7 | < 6.11.8 |
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:* |
REMEDIATION
Patch
EXPLOITS
Exploit-db.com
id | description | date | |
---|---|---|---|
No known exploits |
POC Github
Url |
---|
Other Nist (github, ...)
Url |
---|
No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
id | description | severity |
---|---|---|
No entry |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.