CVE-2024-50084: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() Commit a3c1e45156ad ("net: microchip: vcap: Fix use-after-free error in kunit test") fixed the use-after-free error, but introduced below memory leaks by removing necessary vcap_free_rule(), add it to fix it. unreferenced object 0xffffff80ca58b700 (size 192): comm "kunit_try_catch", pid 1215, jiffies 4294898264 hex dump (first 32 bytes): 00 12 7a 00 05 00 00 00 0a 00 00 00 64 00 00 00 ..z.........d... 00 00 00 00 00 00 00 00 00 04 0b cc 80 ff ff ff ................ backtrace (crc 9c09c3fe): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<0000000040a01b8d>] vcap_alloc_rule+0x3cc/0x9c4 [<000000003fe86110>] vcap_api_encode_rule_test+0x1ac/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0400 (size 64): comm "kunit_try_catch", pid 1215, jiffies 4294898265 hex dump (first 32 bytes): 80 04 0b cc 80 ff ff ff 18 b7 58 ca 80 ff ff ff ..........X..... 39 00 00 00 02 00 00 00 06 05 04 03 02 01 ff ff 9............... backtrace (crc daf014e9): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528 [<00000000dfdb1e81>] vcap_api_encode_rule_test+0x224/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0700 (size 64): comm "kunit_try_catch", pid 1215, jiffies 4294898265 hex dump (first 32 bytes): 80 07 0b cc 80 ff ff ff 28 b7 58 ca 80 ff ff ff ........(.X..... 3c 00 00 00 00 00 00 00 01 2f 03 b3 ec ff ff ff <......../...... backtrace (crc 8d877792): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000006eadfab7>] vcap_rule_add_action+0x2d0/0x52c [<00000000323475d1>] vcap_api_encode_rule_test+0x4d4/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0900 (size 64): comm "kunit_try_catch", pid 1215, jiffies 4294898266 hex dump (first 32 bytes): 80 09 0b cc 80 ff ff ff 80 06 0b cc 80 ff ff ff ................ 7d 00 00 00 01 00 00 00 00 00 00 00 ff 00 00 00 }............... backtrace (crc 34181e56): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528 [<00000000991e3564>] vcap_val_rule+0xcf0/0x13e8 [<00000000fc9868e5>] vcap_api_encode_rule_test+0x678/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0980 (size 64): comm "kunit_try_catch", pid 1215, jiffies 4294898266 hex dump (first 32 bytes): 18 b7 58 ca 80 ff ff ff 00 09 0b cc 80 ff ff ff ..X............. 67 00 00 00 00 00 00 00 01 01 74 88 c0 ff ff ff g.........t..... backtrace (crc 275fd9be): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528 [<000000001396a1a2>] test_add_de ---truncated---
AI Analysis
Technical Summary
CVE-2024-50084 is a high-severity vulnerability affecting the Linux kernel's networking subsystem, specifically within the Microchip VCAP (Versatile Content-Aware Processor) API. The vulnerability arises from a memory leak condition introduced after a previous fix for a use-after-free error in the function vcap_api_encode_rule_test(). The original patch (commit a3c1e45156ad) corrected a use-after-free flaw but inadvertently removed a necessary call to vcap_free_rule(), resulting in multiple memory leaks. These leaks are evidenced by unreferenced kernel objects of various sizes (64 to 192 bytes) detected during kernel memory leak detection (kmemleak) runs, particularly in the context of KUnit test executions. The backtraces indicate allocations in functions such as vcap_alloc_rule(), vcap_rule_add_key(), and vcap_rule_add_action(), all related to rule encoding and management within the VCAP API. The vulnerability is classified under CWE-416 (Use After Free), highlighting the risk of improper memory management leading to resource leaks. The CVSS 3.1 base score of 7.8 reflects a high severity, with an attack vector of local access (AV:L), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), and impacting confidentiality, integrity, and availability (C:H/I:H/A:H). Although exploitation requires local access and some privileges, the impact can be severe, potentially allowing attackers to cause denial of service or escalate privileges by destabilizing kernel memory management. No known exploits are reported in the wild yet, and no official patches are linked in the provided data, indicating that mitigation relies on applying forthcoming or existing kernel updates that restore proper memory deallocation in the VCAP API.
Potential Impact
For European organizations, the impact of CVE-2024-50084 can be significant, especially for those relying on Linux-based infrastructure in networking equipment, servers, or embedded systems that utilize the Microchip VCAP API. The vulnerability could lead to kernel memory leaks that degrade system stability, cause denial of service, or open avenues for privilege escalation attacks. Critical sectors such as telecommunications, finance, government, and industrial control systems that deploy Linux kernels with affected versions may face operational disruptions or security breaches. Given the local attack vector, insider threats or attackers with limited access could exploit this flaw to compromise system integrity. The high impact on confidentiality, integrity, and availability underscores the risk of data exposure, unauthorized modifications, or service outages. European organizations with stringent compliance requirements (e.g., GDPR) must consider the potential for data breaches and operational interruptions resulting from exploitation of this vulnerability.
Mitigation Recommendations
To mitigate CVE-2024-50084 effectively, European organizations should: 1) Identify and inventory all Linux systems running kernel versions containing the affected commits, focusing on those using Microchip VCAP API features. 2) Apply the latest Linux kernel patches as soon as they become available that explicitly address the memory leak by reinstating the vcap_free_rule() calls. 3) If immediate patching is not feasible, consider disabling or restricting the use of the VCAP API or related networking features to minimize exposure. 4) Implement strict access controls to limit local user privileges, reducing the risk of exploitation by low-privileged users. 5) Monitor kernel logs and memory leak detection tools (e.g., kmemleak) for signs of abnormal memory usage or leaks indicative of exploitation attempts. 6) Conduct targeted security audits and penetration tests focusing on local privilege escalation and denial of service vectors related to kernel memory management. 7) Maintain up-to-date incident response plans that include procedures for kernel-level vulnerabilities and potential exploitation scenarios. These steps go beyond generic advice by emphasizing proactive detection, access restriction, and targeted patch management specific to the VCAP API context.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland, Poland
CVE-2024-50084: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() Commit a3c1e45156ad ("net: microchip: vcap: Fix use-after-free error in kunit test") fixed the use-after-free error, but introduced below memory leaks by removing necessary vcap_free_rule(), add it to fix it. unreferenced object 0xffffff80ca58b700 (size 192): comm "kunit_try_catch", pid 1215, jiffies 4294898264 hex dump (first 32 bytes): 00 12 7a 00 05 00 00 00 0a 00 00 00 64 00 00 00 ..z.........d... 00 00 00 00 00 00 00 00 00 04 0b cc 80 ff ff ff ................ backtrace (crc 9c09c3fe): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<0000000040a01b8d>] vcap_alloc_rule+0x3cc/0x9c4 [<000000003fe86110>] vcap_api_encode_rule_test+0x1ac/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0400 (size 64): comm "kunit_try_catch", pid 1215, jiffies 4294898265 hex dump (first 32 bytes): 80 04 0b cc 80 ff ff ff 18 b7 58 ca 80 ff ff ff ..........X..... 39 00 00 00 02 00 00 00 06 05 04 03 02 01 ff ff 9............... backtrace (crc daf014e9): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528 [<00000000dfdb1e81>] vcap_api_encode_rule_test+0x224/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0700 (size 64): comm "kunit_try_catch", pid 1215, jiffies 4294898265 hex dump (first 32 bytes): 80 07 0b cc 80 ff ff ff 28 b7 58 ca 80 ff ff ff ........(.X..... 3c 00 00 00 00 00 00 00 01 2f 03 b3 ec ff ff ff <......../...... backtrace (crc 8d877792): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000006eadfab7>] vcap_rule_add_action+0x2d0/0x52c [<00000000323475d1>] vcap_api_encode_rule_test+0x4d4/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0900 (size 64): comm "kunit_try_catch", pid 1215, jiffies 4294898266 hex dump (first 32 bytes): 80 09 0b cc 80 ff ff ff 80 06 0b cc 80 ff ff ff ................ 7d 00 00 00 01 00 00 00 00 00 00 00 ff 00 00 00 }............... backtrace (crc 34181e56): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528 [<00000000991e3564>] vcap_val_rule+0xcf0/0x13e8 [<00000000fc9868e5>] vcap_api_encode_rule_test+0x678/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0980 (size 64): comm "kunit_try_catch", pid 1215, jiffies 4294898266 hex dump (first 32 bytes): 18 b7 58 ca 80 ff ff ff 00 09 0b cc 80 ff ff ff ..X............. 67 00 00 00 00 00 00 00 01 01 74 88 c0 ff ff ff g.........t..... backtrace (crc 275fd9be): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528 [<000000001396a1a2>] test_add_de ---truncated---
AI-Powered Analysis
Technical Analysis
CVE-2024-50084 is a high-severity vulnerability affecting the Linux kernel's networking subsystem, specifically within the Microchip VCAP (Versatile Content-Aware Processor) API. The vulnerability arises from a memory leak condition introduced after a previous fix for a use-after-free error in the function vcap_api_encode_rule_test(). The original patch (commit a3c1e45156ad) corrected a use-after-free flaw but inadvertently removed a necessary call to vcap_free_rule(), resulting in multiple memory leaks. These leaks are evidenced by unreferenced kernel objects of various sizes (64 to 192 bytes) detected during kernel memory leak detection (kmemleak) runs, particularly in the context of KUnit test executions. The backtraces indicate allocations in functions such as vcap_alloc_rule(), vcap_rule_add_key(), and vcap_rule_add_action(), all related to rule encoding and management within the VCAP API. The vulnerability is classified under CWE-416 (Use After Free), highlighting the risk of improper memory management leading to resource leaks. The CVSS 3.1 base score of 7.8 reflects a high severity, with an attack vector of local access (AV:L), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), and impacting confidentiality, integrity, and availability (C:H/I:H/A:H). Although exploitation requires local access and some privileges, the impact can be severe, potentially allowing attackers to cause denial of service or escalate privileges by destabilizing kernel memory management. No known exploits are reported in the wild yet, and no official patches are linked in the provided data, indicating that mitigation relies on applying forthcoming or existing kernel updates that restore proper memory deallocation in the VCAP API.
Potential Impact
For European organizations, the impact of CVE-2024-50084 can be significant, especially for those relying on Linux-based infrastructure in networking equipment, servers, or embedded systems that utilize the Microchip VCAP API. The vulnerability could lead to kernel memory leaks that degrade system stability, cause denial of service, or open avenues for privilege escalation attacks. Critical sectors such as telecommunications, finance, government, and industrial control systems that deploy Linux kernels with affected versions may face operational disruptions or security breaches. Given the local attack vector, insider threats or attackers with limited access could exploit this flaw to compromise system integrity. The high impact on confidentiality, integrity, and availability underscores the risk of data exposure, unauthorized modifications, or service outages. European organizations with stringent compliance requirements (e.g., GDPR) must consider the potential for data breaches and operational interruptions resulting from exploitation of this vulnerability.
Mitigation Recommendations
To mitigate CVE-2024-50084 effectively, European organizations should: 1) Identify and inventory all Linux systems running kernel versions containing the affected commits, focusing on those using Microchip VCAP API features. 2) Apply the latest Linux kernel patches as soon as they become available that explicitly address the memory leak by reinstating the vcap_free_rule() calls. 3) If immediate patching is not feasible, consider disabling or restricting the use of the VCAP API or related networking features to minimize exposure. 4) Implement strict access controls to limit local user privileges, reducing the risk of exploitation by low-privileged users. 5) Monitor kernel logs and memory leak detection tools (e.g., kmemleak) for signs of abnormal memory usage or leaks indicative of exploitation attempts. 6) Conduct targeted security audits and penetration tests focusing on local privilege escalation and denial of service vectors related to kernel memory management. 7) Maintain up-to-date incident response plans that include procedures for kernel-level vulnerabilities and potential exploitation scenarios. These steps go beyond generic advice by emphasizing proactive detection, access restriction, and targeted patch management specific to the VCAP API context.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-10-21T19:36:19.942Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d9820c4522896dcbdcf26
Added to database: 5/21/2025, 9:08:48 AM
Last enriched: 7/3/2025, 2:11:55 PM
Last updated: 8/14/2025, 12:47:19 PM
Views: 16
Related Threats
Researcher to release exploit for full auth bypass on FortiWeb
HighCVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.