{"vulnerability": "CVE-2024-50126", "sightings": [{"uuid": "825d0ea2-fe32-4bbb-a691-558c9e17ffab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50126", "type": "seen", "source": "https://t.me/cvedetector/9920", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50126 - Linux Kernel net sched RCU use-after-free vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50126 \nPublished : Nov. 5, 2024, 6:15 p.m. | 22\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: sched: use RCU read-side critical section in taprio_dump()  \n  \nFix possible use-after-free in 'taprio_dump()' by adding RCU  \nread-side critical section there. Never seen on x86 but  \nfound on a KASAN-enabled arm64 system when investigating  \n:  \n  \n[T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0  \n[T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862  \n[T15862]  \n[T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2  \n[T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024  \n[T15862] Call trace:  \n[T15862]  dump_backtrace+0x20c/0x220  \n[T15862]  show_stack+0x2c/0x40  \n[T15862]  dump_stack_lvl+0xf8/0x174  \n[T15862]  print_report+0x170/0x4d8  \n[T15862]  kasan_report+0xb8/0x1d4  \n[T15862]  __asan_report_load4_noabort+0x20/0x2c  \n[T15862]  taprio_dump+0xa0c/0xbb0  \n[T15862]  tc_fill_qdisc+0x540/0x1020  \n[T15862]  qdisc_notify.isra.0+0x330/0x3a0  \n[T15862]  tc_modify_qdisc+0x7b8/0x1838  \n[T15862]  rtnetlink_rcv_msg+0x3c8/0xc20  \n[T15862]  netlink_rcv_skb+0x1f8/0x3d4  \n[T15862]  rtnetlink_rcv+0x28/0x40  \n[T15862]  netlink_unicast+0x51c/0x790  \n[T15862]  netlink_sendmsg+0x79c/0xc20  \n[T15862]  __sock_sendmsg+0xe0/0x1a0  \n[T15862]  ____sys_sendmsg+0x6c0/0x840  \n[T15862]  ___sys_sendmsg+0x1ac/0x1f0  \n[T15862]  __sys_sendmsg+0x110/0x1d0  \n[T15862]  __arm64_sys_sendmsg+0x74/0xb0  \n[T15862]  invoke_syscall+0x88/0x2e0  \n[T15862]  el0_svc_common.constprop.0+0xe4/0x2a0  \n[T15862]  do_el0_svc+0x44/0x60  \n[T15862]  el0_svc+0x50/0x184  \n[T15862]  el0t_64_sync_handler+0x120/0x12c  \n[T15862]  el0t_64_sync+0x190/0x194  \n[T15862]  \n[T15862] Allocated by task 15857:  \n[T15862]  kasan_save_stack+0x3c/0x70  \n[T15862]  kasan_save_track+0x20/0x3c  \n[T15862]  kasan_save_alloc_info+0x40/0x60  \n[T15862]  __kasan_kmalloc+0xd4/0xe0  \n[T15862]  __kmalloc_cache_noprof+0x194/0x334  \n[T15862]  taprio_change+0x45c/0x2fe0  \n[T15862]  tc_modify_qdisc+0x6a8/0x1838  \n[T15862]  rtnetlink_rcv_msg+0x3c8/0xc20  \n[T15862]  netlink_rcv_skb+0x1f8/0x3d4  \n[T15862]  rtnetlink_rcv+0x28/0x40  \n[T15862]  netlink_unicast+0x51c/0x790  \n[T15862]  netlink_sendmsg+0x79c/0xc20  \n[T15862]  __sock_sendmsg+0xe0/0x1a0  \n[T15862]  ____sys_sendmsg+0x6c0/0x840  \n[T15862]  ___sys_sendmsg+0x1ac/0x1f0  \n[T15862]  __sys_sendmsg+0x110/0x1d0  \n[T15862]  __arm64_sys_sendmsg+0x74/0xb0  \n[T15862]  invoke_syscall+0x88/0x2e0  \n[T15862]  el0_svc_common.constprop.0+0xe4/0x2a0  \n[T15862]  do_el0_svc+0x44/0x60  \n[T15862]  el0_svc+0x50/0x184  \n[T15862]  el0t_64_sync_handler+0x120/0x12c  \n[T15862]  el0t_64_sync+0x190/0x194  \n[T15862]  \n[T15862] Freed by task 6192:  \n[T15862]  kasan_save_stack+0x3c/0x70  \n[T15862]  kasan_save_track+0x20/0x3c  \n[T15862]  kasan_save_free_info+0x4c/0x80  \n[T15862]  poison_slab_object+0x110/0x160  \n[T15862]  __kasan_slab_free+0x3c/0x74  \n[T15862]  kfree+0x134/0x3c0  \n[T15862]  taprio_free_sched_cb+0x18c/0x220  \n[T15862]  rcu_core+0x920/0x1b7c  \n[T15862]  rcu_core_si+0x10/0x1c  \n[T15862]  handle_softirqs+0x2e8/0xd64  \n[T15862]  __do_softirq+0x14/0x20 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T19:44:21.000000Z"}, {"uuid": "d8487cbc-c077-4861-b533-7e050a02327f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50126", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-729/", "content": "", "creation_timestamp": "2025-07-30T03:00:00.000000Z"}]}