CVE-2024-50260 in Linux

Summary

by MITRE • 11/09/2024

In the Linux kernel, the following vulnerability has been resolved:

sock_map: fix a NULL pointer dereference in sock_map_link_update_prog()

The following race condition could trigger a NULL pointer dereference:

    sock_map_link_detach():                   sock_map_link_update_prog():
       mutex_lock(&sockmap_mutex);
       ...
       sockmap_link->map = NULL;
       mutex_unlock(&sockmap_mutex);
                                              mutex_lock(&sockmap_mutex);
                                              ...
                                              sock_map_prog_link_lookup(sockmap_link->map);
                                              mutex_unlock(&sockmap_mutex);

Fix it by adding a NULL pointer check. In this specific case, it makes no sense to update a link which is being released.


Analysis

by VulDB Data Team • 10/02/2025

CVE-2024-50260 is a critical NULL pointer dereference in the Linux kernel's socket map (sockmap) implementation, in the function sock_map_link_update_prog(). It is a race condition between concurrent socket map link operations: while a link's program is being updated, the same link can be detached, and the update path dereferences the link's map pointer without first checking that it is still set. Reading the NULL pointer crashes the kernel, so the practical outcome is a system crash or denial of service.

The two functions involved, sock_map_link_detach() and sock_map_link_update_prog(), operate on the same shared link structure. Both take sockmap_mutex, so their critical sections are serialised, but the lock does not carry the link's state from one critical section to the next. sock_map_link_detach() sets sockmap_link->map to NULL under the mutex and releases it; if sock_map_link_update_prog() then acquires the mutex, it finds a detached link and passes the NULL map pointer to sock_map_prog_link_lookup(). The lookup dereferences it, and the kernel oopses. This is the classic pattern of a writer invalidating shared state and a reader using it afterwards without validation.

The flaw lives in the kernel and affects Linux systems that use sockmap, which is common where network filtering, traffic control or eBPF (extended Berkeley Packet Filter) program management is in use. Concurrent socket map link operations can trigger the race, so an actor who can attach and detach sockmap links can cause system instability or denial of service. The systems most exposed are those in which eBPF programs actively manage socket connections: network security appliances, firewalls and high-performance network applications that rely on kernel-level socket manipulation.

The fix adds a NULL pointer check to sock_map_link_update_prog(): once the mutex is held, the function verifies that the link's map pointer is still set and bails out if the link has already been detached, since, as the commit message notes, updating a link that is being released makes no sense. This is standard defensive practice for race conditions of this shape, validating a pointer before dereferencing it, and it addresses the underlying weakness, CWE-476 (NULL pointer dereference). Organisations should prioritise the kernel patch, particularly on production systems where network filtering and eBPF program management are in use, because the race can be used to disrupt network services or take down the system.
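The race and the patched check, as an added userspace model in C (this is constructed for illustration; it is neither the kernel's code nor VulDB's): the detach and update paths, the lookup that dereferences the map, and a replay of the interleaving from the commit message. The structure layouts, the mutex stand-in and the -ENOLINK return value are assumptions of the model.

```c
#include <errno.h>
#include <stddef.h>
struct bpf_map { int prog_slot; };             /* stand-in for the sockmap */
struct sockmap_link { struct bpf_map *map; };  /* stand-in for the link object */
/* Stand-in for sockmap_mutex: a held flag is enough to model lock ordering. */
static int sockmap_mutex_held;
static void mutex_lock(void)   { sockmap_mutex_held = 1; }
static void mutex_unlock(void) { sockmap_mutex_held = 0; }

/* Stand-in for sock_map_prog_link_lookup(): dereferences map unconditionally. */
static int *sock_map_prog_link_lookup(struct bpf_map *map) { return &map->prog_slot; }
/* sock_map_link_detach(): clears the link's map under the mutex, then drops it. */
static void sock_map_link_detach(struct sockmap_link *link)
{
    mutex_lock();
    link->map = NULL;
    mutex_unlock();
}

/* Patched sock_map_link_update_prog(): the mutex is taken, but the link may have
 * been detached before it was acquired, so check map before the lookup.
 * Returning -ENOLINK is an assumption of this model, not taken from the page. */
static int sock_map_link_update_prog(struct sockmap_link *link, int new_prog)
{
    int ret = 0;
    mutex_lock();
    if (!link->map) {            /* the added NULL pointer check */
        ret = -ENOLINK;
        goto out;
    }
    *sock_map_prog_link_lookup(link->map) = new_prog;
out:
    mutex_unlock();
    return ret;
}

/* Replays one interleaving. detach_first = 1 is the commit message's order:
 * detach finishes, then the update runs on the released link. */
static int replay(int detach_first)
{
    struct bpf_map map = { .prog_slot = 10 };
    struct sockmap_link link = { .map = &map };
    int ret;
    if (detach_first) {
        sock_map_link_detach(&link);
        return sock_map_link_update_prog(&link, 20);  /* -ENOLINK, no crash */
    }
    ret = sock_map_link_update_prog(&link, 20);       /* benign order */
    sock_map_link_detach(&link);
    return ret ? ret : map.prog_slot;                 /* 20 */
}
```

Without the check in sock_map_link_update_prog(), replay(1) would hand a NULL map to the lookup and fault, which is the kernel crash the advisory describes.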

Responsible

Linux

Reservation

10/21/2024

Disclosure

11/09/2024

Moderation

accepted

CPE

ready

EPSS

0.00166

KEV

no

Activities

very low
