CVE-2024-50128: Vulnerability in the Linux kernel (vendor: Linux)
In the Linux kernel, the following vulnerability has been resolved:

net: wwan: fix global oob in wwan_rtnl_policy

The variable wwan_rtnl_link_ops assigns a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. Exactly the same bug cause as the oob fixed in commit b33fb5b801c6 ("net: qualcomm: rmnet: fix global oob in rmnet_policy").

==================================================================
BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:388 [inline]
BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603
Read of size 1 at addr ffffffff8b09cb60 by task syz.1.66276/323862

CPU: 0 PID: 323862 Comm: syz.1.66276 Not tainted 6.1.70 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x177/0x231 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:284 [inline]
 print_report+0x14f/0x750 mm/kasan/report.c:395
 kasan_report+0x139/0x170 mm/kasan/report.c:495
 validate_nla lib/nlattr.c:388 [inline]
 __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603
 __nla_parse+0x3c/0x50 lib/nlattr.c:700
 nla_parse_nested_deprecated include/net/netlink.h:1269 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3514 [inline]
 rtnl_newlink+0x7bc/0x1fd0 net/core/rtnetlink.c:3623
 rtnetlink_rcv_msg+0x794/0xef0 net/core/rtnetlink.c:6122
 netlink_rcv_skb+0x1de/0x420 net/netlink/af_netlink.c:2508
 netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline]
 netlink_unicast+0x74b/0x8c0 net/netlink/af_netlink.c:1352
 netlink_sendmsg+0x882/0xb90 net/netlink/af_netlink.c:1874
 sock_sendmsg_nosec net/socket.c:716 [inline]
 __sock_sendmsg net/socket.c:728 [inline]
 ____sys_sendmsg+0x5cc/0x8f0 net/socket.c:2499
 ___sys_sendmsg+0x21c/0x290 net/socket.c:2553
 __sys_sendmsg net/socket.c:2582 [inline]
 __do_sys_sendmsg net/socket.c:2591 [inline]
 __se_sys_sendmsg+0x19e/0x270 net/socket.c:2589
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x45/0x90 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f67b19a24ad
RSP: 002b:00007f67b17febb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f67b1b45f80 RCX: 00007f67b19a24ad
RDX: 0000000000000000 RSI: 0000000020005e40 RDI: 0000000000000004
RBP: 00007f67b1a1e01d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd2513764f R14: 00007ffd251376e0 R15: 00007f67b17fed40
 </TASK>

The buggy address belongs to the variable:
 wwan_rtnl_policy+0x20/0x40

The buggy address belongs to the physical page:
page:ffffea00002c2700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb09c
flags: 0xfff00000001000(reserved|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000001000 ffffea00002c2708 ffffea00002c2708 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffffffff8b09ca00: 05 f9 f9 f9 05 f9 f9 f9 00 01 f9 f9 00 01 f9 f9
 ffffffff8b09ca80: 00 00 00 05 f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9
>ffffffff8b09cb00: 00 00 00 00 05 f9 f9 f9 00 00 00 00 f9 f9 f9 f9
                                                       ^
 ffffffff8b09cb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

According to the comment of `nla_parse_nested_deprecated`, use correct size `IFLA_WWAN_MAX` here to fix this issue.
AI Analysis
Technical Summary
CVE-2024-50128 is a vulnerability in the Linux kernel's wireless wide area network (wwan) netlink link code. The rtnl_link_ops structure wwan_rtnl_link_ops carries a maxtype value larger than the last attribute type that wwan_rtnl_policy actually describes. Because the netlink attribute validator (validate_nla, reached through __nla_validate_parse) indexes the policy array with every attribute type up to and including maxtype, an attribute whose type equals that oversized maxtype makes the kernel read one element past the end of the policy array, a global out-of-bounds read. The same root cause was previously fixed in the Qualcomm rmnet driver (commit b33fb5b801c6). The Kernel Address Sanitizer (KASAN) caught the read in validate_nla as a one-byte access at wwan_rtnl_policy+0x20/0x40, i.e. immediately past the end of the policy array. The code path is rtnetlink's rtnl_newlink handler for RTM_NEWLINK requests, where the link-type attributes are parsed with nla_parse_nested_deprecated using the link ops' maxtype and policy. The fix uses the correct upper bound IFLA_WWAN_MAX as maxtype, so that maxtype and the policy array size agree. A crafted RTM_NEWLINK message for the wwan link type can therefore make the kernel read beyond the policy array; the practical effects range from a kernel crash (denial of service) to a read of adjacent kernel data, with further exploitation depending on memory layout and kernel protections. RTM_NEWLINK is only accepted from a socket holding CAP_NET_ADMIN in its network namespace, which narrows the set of callers; on systems that allow unprivileged user namespaces, however, an unprivileged local user can obtain that capability over a namespace of their own. The vulnerability affects Linux kernel versions prior to the fix on systems that build the wwan subsystem, typically devices with cellular modem support and embedded Linux systems. No known exploits have been reported in the wild, and no CVSS score has been assigned yet.
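An added illustration, not code from the page or from the kernel: a user-space C model of the relationship that validate_nla relies on between a link type's maxtype and its policy array. The policy has IFLA_WWAN_MAX + 1 entries, so any maxtype above IFLA_WWAN_MAX lets the parser index one slot past it. The `policy_entries` field and `check_link_ops` are hypothetical (the real rtnl_link_ops has no such field), and using the `__IFLA_WWAN_MAX` sentinel for the buggy case is an assumption that illustrates the usual form of this off-by-one.

```c
#include <stddef.h>
#include <stdint.h>

/* Model of the wwan attribute enum in include/uapi/linux/if_link.h: IFLA_WWAN_MAX
 * is the highest valid attribute type, __IFLA_WWAN_MAX the sentinel one past it. */
enum { IFLA_WWAN_UNSPEC, IFLA_WWAN_LINK_ID, __IFLA_WWAN_MAX };
#define IFLA_WWAN_MAX (__IFLA_WWAN_MAX - 1)

struct nla_policy { uint8_t type; uint16_t len; };   /* simplified stand-in */

struct rtnl_link_ops {
    const char *kind;
    unsigned int maxtype;             /* highest attribute type the parser will index */
    const struct nla_policy *policy;  /* validate_nla reads policy[type] for type <= maxtype */
    size_t policy_entries;            /* hypothetical field, added here so the check can run */
};

/* Like wwan_rtnl_policy: exactly IFLA_WWAN_MAX + 1 entries. */
static const struct nla_policy wwan_policy[IFLA_WWAN_MAX + 1] = {
    [IFLA_WWAN_LINK_ID] = { .type = 1 /* NLA_U32 */, .len = 4 },
};
#define WWAN_POLICY_ENTRIES (sizeof wwan_policy / sizeof wwan_policy[0])

/* Registration-time consistency check: every type in 0..maxtype needs a policy
 * slot. Returns 0 when consistent, -1 on the CVE-2024-50128 pattern. */
int check_link_ops(const struct rtnl_link_ops *ops)
{
    if (ops->policy && (size_t)ops->maxtype + 1 > ops->policy_entries)
        return -1;
    return 0;
}

/* Model of the lookup validate_nla performs for one attribute: 1 when policy[type]
 * would lie outside the array, 0 when it is in bounds or when the type exceeds
 * maxtype (the kernel skips such types instead of indexing the policy). */
int lookup_reads_oob(const struct rtnl_link_ops *ops, unsigned int attr_type)
{
    if (attr_type > ops->maxtype)
        return 0;
    return attr_type >= ops->policy_entries;
}

/* Buggy shape: maxtype is one past the last policy entry (assumed sentinel value). */
static const struct rtnl_link_ops buggy_ops = { .kind = "wwan", .maxtype = __IFLA_WWAN_MAX,
    .policy = wwan_policy, .policy_entries = WWAN_POLICY_ENTRIES };
/* Fixed shape, as in the commit: maxtype = IFLA_WWAN_MAX. */
static const struct rtnl_link_ops fixed_ops = { .kind = "wwan", .maxtype = IFLA_WWAN_MAX,
    .policy = wwan_policy, .policy_entries = WWAN_POLICY_ENTRIES };
```

With the buggy ops, an attribute of type __IFLA_WWAN_MAX passes the maxtype filter and would be looked up at policy index 2 of a 2-entry array, which is exactly the KASAN report's read at wwan_rtnl_policy+0x20.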
Potential Impact
For European organizations, the impact of CVE-2024-50128 can be significant, especially for those relying on Linux-based infrastructure with cellular or wireless WAN capabilities. This includes telecom providers, IoT device manufacturers, embedded system operators, and enterprises using Linux servers or network appliances with wwan interfaces. Exploitation could lead to kernel crashes causing denial of service, disrupting critical network services or embedded device operations. In worst cases, the OOB read might be leveraged to leak sensitive kernel memory, potentially exposing confidential information or aiding privilege escalation attacks. Given the widespread use of Linux in European data centers, telecom infrastructure, and industrial control systems, this vulnerability poses a risk to operational continuity and data confidentiality. Additionally, the vulnerability could affect virtualized environments and cloud providers in Europe that use Linux kernels with wwan support, impacting multi-tenant environments. The lack of known exploits suggests a window for proactive patching before active exploitation, but the potential for impact remains high due to the kernel-level nature of the flaw.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to patched versions that include the fix for CVE-2024-50128, i.e. kernels in which wwan_rtnl_link_ops uses IFLA_WWAN_MAX as maxtype so that it matches the size of wwan_rtnl_policy. Where immediate patching is not feasible, reduce the attack surface: do not load the wwan module on systems that do not need it, and restrict who can issue RTM_NEWLINK requests. Netlink is a local kernel interface rather than a network service, so limiting access to it means limiting which users and containers can obtain CAP_NET_ADMIN (for example by disabling unprivileged user namespaces where they are not required); network segmentation and firewalling still help by reducing exposure of the cellular-connected hosts themselves. For detection, KASAN reports such as the one above only appear on kernels built with KASAN, so on production kernels watch for unexpected kernel oopses or crashes on hosts with wwan interfaces and audit RTM_NEWLINK activity from unexpected processes. Inventory Linux-based devices and embedded systems that use wwan interfaces and prioritize them for patching. For critical infrastructure, kernel hardening such as Kernel Page Table Isolation (KPTI) and Address Space Layout Randomization (ASLR) can raise the cost of turning a read like this into something worse. Finally, coordinate with Linux distribution vendors and embedded system suppliers so that updates and patches are applied in a timely manner.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-10-21T19:36:19.955Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9825c4522896dcbe000e
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 5:27:46 PM
Last updated: 8/7/2025, 12:43:56 PM