CVE intelligence and bounded remediation
CVE-2024-50293 — Linux Linux Kernel security vulnerability
In the Linux kernel, the following vulnerability has been resolved: net/smc: do not leave a dangling sk pointer in __smc_create() Thanks to commit 4bbd360a5084 ("socket: Print pf->create() when it does not clear sock->sk on failure."), syzbot found an issue with AF_SMC: smc_create must clear sock->sk on failure, family: 43, type: 1, protocol: 0 WARNING: CPU: 0 PID: 5827 at net/socket.c:1565 __sock_create+0x96f/0xa30 net/socket.c:1563 Modules linked in: CPU: 0 UID: 0 PID: 5827 Comm: syz-executor259 Not tainted 6.12.0-rc6-next-20241106-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:__sock_create+0x96f/0xa30 net/socket.c:1563 Code: 03 00 74 08 4c 89 e7 e8 4f 3b 85 f8 49 8b 34 24 48 c7 c7 40 89 0c 8d 8b 54 24 04 8b 4c 24 0c 44 8b 44 24 08 e8 32 78 db f7 90 <0f> 0b 90 90 e9 d3 fd ff ff 89 e9 80 e1 07 fe c1 38 c1 0f 8c ee f7 RSP: 0018:ffffc90003e4fda0 EFLAGS: 00010246 RAX: 099c6f938c7f4700 RBX: 1ffffffff1a595fd RCX: ffff888034823c00 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00000000ffffffe9 R08: ffffffff81567052 R09: 1ffff920007c9f50 R10: dffffc0000000000 R11: fffff520007c9f51 R12: ffffffff8d2…
- Severity
- High
- CVSS
- 7.8 (3.1)
- Published
- 2024-11-19
- CISA KEV
- Not currently listed
- Ecosystem
- linux/kernel
- Weaknesses
- CWE-416
Affected products
- linux / linux_kernel
- linux / linux_kernel / 6.12
Matched remediation archetype
Use-after-free, double free, and expired resource use
This catalog composition supplies bounded fallback guidance. Explicitly reviewed curated workflows load with the complete record below.
Check exposure
- Trace ownership, references, callbacks, asynchronous tasks, and teardown paths around the affected object or resource.
- Identify reachable inputs and timing or state transitions that can release the object while references remain.
- Confirm affected builds, allocators, feature flags, architectures, and process privileges.
Remediate safely
- Apply the maintained ownership or lifetime fix and rebuild all artifacts containing the affected native code.
- Use explicit ownership, safe reference management, cancellation and join semantics, and idempotent teardown.
- Add deterministic lifetime tests plus isolated sanitizer and concurrency coverage for shutdown and error paths.
Authoritative sources
Complete CVE record and remediation plan
The detailed catalog view below loads this exact record, its source evidence, and the full seven-phase agentic change plan.