
CVE-2024-50293: Vulnerability in the Linux kernel

Severity: High
Published: Tue Nov 19 2024 (11/19/2024, 01:30:39 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

net/smc: do not leave a dangling sk pointer in __smc_create()

Thanks to commit 4bbd360a5084 ("socket: Print pf->create() when it does not clear sock->sk on failure."), syzbot found an issue with AF_SMC:

smc_create must clear sock->sk on failure, family: 43, type: 1, protocol: 0
WARNING: CPU: 0 PID: 5827 at net/socket.c:1565 __sock_create+0x96f/0xa30 net/socket.c:1563
Modules linked in:
CPU: 0 UID: 0 PID: 5827 Comm: syz-executor259 Not tainted 6.12.0-rc6-next-20241106-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:__sock_create+0x96f/0xa30 net/socket.c:1563
Code: 03 00 74 08 4c 89 e7 e8 4f 3b 85 f8 49 8b 34 24 48 c7 c7 40 89 0c 8d 8b 54 24 04 8b 4c 24 0c 44 8b 44 24 08 e8 32 78 db f7 90 <0f> 0b 90 90 e9 d3 fd ff ff 89 e9 80 e1 07 fe c1 38 c1 0f 8c ee f7
RSP: 0018:ffffc90003e4fda0 EFLAGS: 00010246
RAX: 099c6f938c7f4700 RBX: 1ffffffff1a595fd RCX: ffff888034823c00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00000000ffffffe9 R08: ffffffff81567052 R09: 1ffff920007c9f50
R10: dffffc0000000000 R11: fffff520007c9f51 R12: ffffffff8d2cafe8
R13: 1ffffffff1a595fe R14: ffffffff9a789c40 R15: ffff8880764298c0
FS:  000055557b518380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa62ff43225 CR3: 0000000031628000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 sock_create net/socket.c:1616 [inline]
 __sys_socket_create net/socket.c:1653 [inline]
 __sys_socket+0x150/0x3c0 net/socket.c:1700
 __do_sys_socket net/socket.c:1714 [inline]
 __se_sys_socket net/socket.c:1712 [inline]

For reference, see commit 2d859aff775d ("Merge branch 'do-not-leave-dangling-sk-pointers-in-pf-create-functions'")

AI-Powered Analysis

Last updated: 06/28/2025, 13:55:48 UTC

Technical Analysis

CVE-2024-50293 is a vulnerability in the Linux kernel's net/smc (Shared Memory Communications) subsystem. In __smc_create(), the socket's protocol-private pointer (sock->sk) is not cleared when socket creation fails, so the caller is left holding a dangling pointer to an already-released object. A dangling kernel pointer of this kind can lead to use-after-free conditions that cause kernel instability and, depending on how the stale memory is later reused, could potentially be abused for arbitrary code execution or privilege escalation.

The issue was found by syzbot, the automated kernel fuzzer: the AF_SMC (Address Family Shared Memory Communications) create function did not clear sock->sk on failure, violating the kernel's socket lifecycle contract. The kernel warning and stack trace in the description show the check firing in __sock_create (net/socket.c, line 1563), with the root cause being that pf->create() returned an error without clearing sock->sk as required. Affected are Linux kernel versions prior to the patch series merged in commit 2d859aff775d, which ensures that pf->create() functions do not leave dangling sk pointers.

No CVSS score has been assigned yet, but the flaw sits in kernel-level socket management, a critical component of the operating system's networking stack. Triggering it requires causing a socket creation failure for AF_SMC, a protocol family that is less commonly used but present in Linux kernels. No exploits are currently reported in the wild, and the issue was responsibly disclosed and patched promptly.
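The contract that the description's warning enforces (a protocol family's create() must fail with sock->sk cleared) is easiest to see with a small userland model. The following is an added example, not kernel code and not part of the CVE record: the struct names, the one-slot allocator, the buggy and fixed create() variants and the caller-side check are all simplified stand-ins written for this page. It shows the defect pattern next to its one-line fix and a caller check that flags a dangling sk, in the spirit of the kernel's "must clear sock->sk on failure" warning.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Simplified userland model of the bug class (NOT kernel code, names are
 * invented for this example). A "socket" holds a pointer to a protocol-private
 * "sk" object. The contract modelled here: a protocol's create() either
 * succeeds, or fails with sock->sk == NULL after releasing what it allocated.
 */
struct sk_model { int in_use; };
struct socket_model { struct sk_model *sk; };

/* One-slot allocator so a stale pointer can be inspected without undefined
 * behaviour (a real free()d pointer must not be used at all). */
static struct sk_model sk_slot;

static struct sk_model *sk_alloc(void)
{
    if (sk_slot.in_use)
        return NULL;            /* stands in for -ENOMEM */
    sk_slot.in_use = 1;
    return &sk_slot;
}

static void sk_free(struct sk_model *sk)
{
    sk->in_use = 0;
}

#define ENOMEM_MODEL (-12)
#define EINVAL_MODEL (-22)

/* Buggy variant: a late failure releases sk but leaves sock->sk set. */
static int create_buggy(struct socket_model *sock, int protocol)
{
    struct sk_model *sk = sk_alloc();
    if (!sk)
        return ENOMEM_MODEL;
    sock->sk = sk;
    if (protocol != 0) {        /* modelled late-stage initialisation failure */
        sk_free(sk);            /* released ...                                */
        return EINVAL_MODEL;    /* ... but sock->sk still points at it         */
    }
    return 0;
}

/* Fixed variant: identical failure path, but sock->sk is cleared first. */
static int create_fixed(struct socket_model *sock, int protocol)
{
    struct sk_model *sk = sk_alloc();
    if (!sk)
        return ENOMEM_MODEL;
    sock->sk = sk;
    if (protocol != 0) {
        sk_free(sk);
        sock->sk = NULL;        /* the one-line difference */
        return EINVAL_MODEL;
    }
    return 0;
}

typedef int (*create_fn)(struct socket_model *, int);

/*
 * Caller-side contract check, modelled on the warning quoted in the
 * description: after a failed create(), a non-NULL sock->sk is dangling.
 * Returns create()'s error code; *dangling is set to 1 on a violation.
 */
static int sock_create_model(create_fn create, int protocol, int *dangling)
{
    struct socket_model sock = { .sk = NULL };
    int err = create(&sock, protocol);

    *dangling = 0;
    if (err < 0 && sock.sk != NULL) {
        *dangling = 1;
        fprintf(stderr, "create must clear sock->sk on failure (protocol %d)\n",
                protocol);
    } else if (err == 0) {
        sk_free(sock.sk);       /* ordinary teardown on the success path */
    }
    return err;
}

/* Convenience wrappers that return a single value. */
static int contract_violated(create_fn create, int protocol)
{
    int dangling;
    sock_create_model(create, protocol, &dangling);
    return dangling;
}

static int create_status(create_fn create, int protocol)
{
    int dangling;
    return sock_create_model(create, protocol, &dangling);
}

int main(void)
{
    printf("buggy, failing protocol: violated=%d\n", contract_violated(create_buggy, 1));
    printf("fixed, failing protocol: violated=%d\n", contract_violated(create_fixed, 1));
    printf("fixed, success path:     violated=%d\n", contract_violated(create_fixed, 0));
    return 0;
}
```

The check in sock_create_model only detects the violation; the point of the fix is that the caller must never be put in that position, because the caller will go on to tear the socket down and would touch the released sk through the stale pointer.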

Potential Impact

For European organizations, the impact of CVE-2024-50293 could be substantial, particularly for those running Linux-based infrastructure, including servers, cloud environments, and embedded systems that utilize the affected kernel versions. The vulnerability could lead to kernel crashes (denial of service), which disrupt critical services and applications. More severe exploitation might allow attackers to execute arbitrary code with kernel privileges or escalate their privileges, compromising system confidentiality, integrity, and availability. This is especially concerning for sectors relying heavily on Linux servers such as finance, telecommunications, government, and critical infrastructure. Given the kernel-level nature of the flaw, successful exploitation could allow attackers to bypass many security controls, persist undetected, and move laterally within networks. However, the requirement to exploit a failure in AF_SMC socket creation limits the attack surface somewhat, as AF_SMC is not widely used compared to other socket families. Nonetheless, organizations using specialized Linux configurations or custom networking stacks should be vigilant. The lack of known exploits in the wild reduces immediate risk but does not eliminate the need for urgent remediation to prevent future attacks.

Mitigation Recommendations

European organizations should take the following specific mitigation steps:

1) Immediately identify Linux systems running kernel versions prior to the patch that merged commit 2d859aff775d, focusing on those using or potentially using the AF_SMC protocol.

2) Apply the latest Linux kernel updates or patches that address CVE-2024-50293 as soon as they become available from trusted Linux distributions or kernel maintainers.

3) For systems where immediate patching is not feasible, consider disabling or restricting the use of the AF_SMC protocol family if it is not required, to reduce the attack surface.

4) Implement kernel hardening features such as Kernel Address Space Layout Randomization (KASLR), Kernel Page Table Isolation (KPTI), and seccomp filters to limit the impact of potential kernel exploits.

5) Monitor system logs and kernel messages for unusual socket creation failures or crashes that could indicate attempted exploitation.

6) Employ intrusion detection systems capable of detecting anomalous kernel behavior or privilege escalation attempts.

7) Conduct thorough testing of kernel updates in staging environments to ensure stability before deployment in production.

These targeted actions go beyond generic advice by focusing on the specific subsystem and attack vector involved in this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-10-21T19:36:19.986Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9824c4522896dcbdf762

Added to database: 5/21/2025, 9:08:52 AM

Last enriched: 6/28/2025, 1:55:48 PM

Last updated: 7/29/2025, 9:21:43 AM

