CVE-2024-50264

HIGH

Published 2024-11-19T01:29:59.511Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-50264. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

7.8

/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14

0.000

probability

of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25

Exploit Probability

Percentile: 0.112

Higher than 11.2% of all CVEs

Attack Vector Metrics

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Description

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

During loopback communication, a dangling pointer can be created in
vsk->trans, potentially leading to a Use-After-Free condition. This
issue is resolved by initializing vsk->trans to NULL.

Available Exploits

No exploits available for this CVE.

Related News

Kernel-hack-drill and exploiting CVE-2024-50264 in the Linux kernel

Some memory corruption bugs are much harder to exploit than others. They can involve race conditions, crash the system, and impose limitations that make a researcher's life difficult. Working with such fragile vulnerabilities demands significant time and effo…

Github.io 2025-09-03 06:58

Affected Products

Linux

Affected Versions:

06a8fc78367d070720af960dcecec917d3ae5f3b 06a8fc78367d070720af960dcecec917d3ae5f3b 06a8fc78367d070720af960dcecec917d3ae5f3b 06a8fc78367d070720af960dcecec917d3ae5f3b 06a8fc78367d070720af960dcecec917d3ae5f3b 06a8fc78367d070720af960dcecec917d3ae5f3b 06a8fc78367d070720af960dcecec917d3ae5f3b 06a8fc78367d070720af960dcecec917d3ae5f3b

Linux

Affected Versions:

4.8 0 4.19.324 5.4.286 5.10.230 5.15.172 6.1.117 6.6.61 6.11.8 6.12

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-8vxc-ww8x-mxp8

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-50264

WEB https://git.kernel.org/stable/c/2a6a4e69f255b7aed17f93995691ab4f0d3c2203

WEB https://git.kernel.org/stable/c/44d29897eafd0e1196453d3003a4d5e0b968eeab

WEB https://git.kernel.org/stable/c/5f092a4271f6dccf88fe0d132475a17b69ef71df

WEB https://git.kernel.org/stable/c/5f970935d09934222fdef3d0e20c648ea7a963c1

WEB https://git.kernel.org/stable/c/6ca575374dd9a507cdd16dfa0e78c2e9e20bd05f

WEB https://git.kernel.org/stable/c/b110196fec44fe966952004bd426967c2a8fd358

WEB https://git.kernel.org/stable/c/eb1bdcb7dfc30b24495ee4c5533af0ed135cb5f1

WEB https://git.kernel.org/stable/c/fd8ae346692a56b4437d626c5460c7104980f389

Advisory provided by GitHub Security Advisory Database. Published: November 19, 2024, Modified: November 21, 2024

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

9 posts

Reddit • 1 month ago

crstux

Exploit

🔥 Top 10 Trending CVEs (05/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-48539](https://nvd.nist.gov/vuln/detail/CVE-2025-48539)** - 📝 In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote (proximal/adjacent) code execution with no …

Also mentions: CVE-2025-48539 CVE-2025-43300 CVE-2025-9074 CVE-2025-53772 CVE-2025-53149 CVE-2025-25231 CVE-2025-33073

1.0

View Original High Risk

Reddit • 1 month ago

xa1ry

Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel Alexander Popov published an [article](https://a13xp0p0v.github.io/2025/09/02/kernel-hack-drill-and-CVE-2024-50264.html) about exploiting a race condition in AF\_VSOCK subsystem, the bug that received a Pwnie Award 2025. Despite the bug collision with other researchers, Alexander found a new exploitation method for this bug by …

3.0

View Original

Reddit • 1 month ago

crstux

Exploit

🔥 Top 10 Trending CVEs (04/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-47910](https://nvd.nist.gov/vuln/detail/CVE-2025-47910)** - 📝 n/a - 📈 **CVSS:** 0 - 🧭 **Vector:** n/a - ⚠️ **Priority:** n/a - 📝 **Analysis:** No Information available for this CVE at the moment --- **2. [CVE-2025-25231](https://nvd.nist.gov/vuln/detail/CVE-2025-25231)** …

Also mentions: CVE-2025-55177 CVE-2025-9478 CVE-2025-4609 CVE-2025-43300 CVE-2025-9074 CVE-2025-53772 CVE-2025-8088 CVE-2025-25231 CVE-2025-54309

1.0

View Original High Risk

Reddit • 1 month ago

netsec_burn

Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel

12.0

View Original

Reddit • 1 month ago

HNMod

Kernel-hack-drill and exploiting CVE-2024-50264 in the Linux kernel

3.0

View Original

Reddit • 1 month ago

crstux

Exploit

🔥 Top 10 Trending CVEs (03/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-53772](https://nvd.nist.gov/vuln/detail/CVE-2025-53772)** - 📝 Web Deploy Remote Code Execution Vulnerability - 📅 **Published:** 12/08/2025 - 📈 **CVSS:** 8.8 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C - 📣 **Mentions:** 6 - ⚠️ **Priority:** 2 - 📝 …

Also mentions: CVE-2025-55177 CVE-2025-9478 CVE-2025-4609 CVE-2025-43300 CVE-2025-53772 CVE-2025-8088 CVE-2025-53770 CVE-2025-54309 CVE-2025-49113 CVE-2020-3259

1.0

View Original High Risk

Reddit • 1 month ago

TheStartupChime

Kernel-hack-drill and exploiting CVE-2024-50264 in the Linux kernel

1.0

View Original

Reddit • 1 month, 3 weeks ago

crstux

Exploit

🔥 Top 10 Trending CVEs (12/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-32724](https://nvd.nist.gov/vuln/detail/CVE-2025-32724)** - 📝 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability - 📅 **Published:** 10/06/2025 - 📈 **CVSS:** 7.5 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C - 📣 **Mentions:** 4 - ⚠️ …

Also mentions: CVE-2025-55188 CVE-2025-53786 CVE-2025-41236 CVE-2025-49760 CVE-2025-53652 CVE-2025-32724 CVE-2025-32433 CVE-2024-53141

1.0

View Original High Risk

Reddit • 1 month, 3 weeks ago

crstux

Exploit

🔥 Top 10 Trending CVEs (11/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-49760](https://nvd.nist.gov/vuln/detail/CVE-2025-49760)** - 📝 Windows Storage Spoofing Vulnerability - 📅 **Published:** 08/07/2025 - 📈 **CVSS:** 3.5 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C - 📣 **Mentions:** 4 - ⚠️ **Priority:** 4 - 📝 **Analysis:** A …