CVE-2024-50110
📋 TL;DR
CVE-2024-50110 is an information leak in the Linux kernel's xfrm subsystem: uninitialized memory that may contain sensitive data can be exposed to userspace during algorithm dumping operations. It affects Linux systems that use IPsec (xfrm) functionality. An attacker with local access can read kernel memory that may contain sensitive information.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
An attacker could read sensitive kernel memory containing cryptographic keys, passwords, or other privileged data, potentially leading to full system compromise through subsequent attacks.
Likely Case
Information disclosure of random kernel memory contents, which could include fragments of sensitive data that might aid in other attacks.
If Mitigated
Limited information disclosure with no direct privilege escalation, but still a security concern for sensitive environments.
🎯 Exploit Status
Requires local access and knowledge of the xfrm subsystem. Found through fuzz testing by the Linux Verification Center.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 1e8fbd2441cb2ea28d6825f2985bf7d84af060bb, 610d4cea9b442b22b4820695fc3335e64849725e, 6889cd2a93e1e3606b3f6e958aa0924e836de4d2, c73bca72b84b453c8d26a5e7673b20adb294bf54, dc2ad8e8818e4bf1a93db78d81745b4877b32972
Vendor Advisory: https://git.kernel.org/stable/c/1e8fbd2441cb2ea28d6825f2985bf7d84af060bb
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Check your distribution's security advisories for specific patched kernel versions.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
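Disable xfrm subsystem
Disable the xfrm (IPsec) subsystem if not needed (Linux)
# Run as root. The xfrm core is built into the kernel and has no module named "xfrm"; block its loadable netlink interface, xfrm_user, instead
echo 'install xfrm_user /bin/true' >> /etc/modprobe.d/disable-xfrm.conf
# Unload the xfrm modules that are currently loaded; rmmod reports an error for any module that is absent or still in use
rmmod xfrm_user xfrm_algo xfrm4_tunnel xfrm6_tunnel xfrm4_mode_tunnel xfrm6_mode_tunnel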
🧯 If You Can't Patch
- Restrict local user access to systems using mandatory access controls (SELinux/AppArmor)
- Monitor for unusual xfrm-related system calls and kernel memory access patterns
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether xfrm modules are loaded: 'uname -r' and 'lsmod | grep xfrm'
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel version includes the fix commits, or check your distribution's security advisory
📡 Detection & Monitoring
Log Indicators:
- Unusual xfrm state dumping operations
- Kernel warning messages about memory access
Network Indicators:
- Not applicable - local exploit only
SIEM Query:
Process execution of netlink commands related to xfrm or unusual kernel memory access patterns
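The verification and monitoring steps above can be scripted. The following is an added example, not part of the original advisory: it lists loaded xfrm modules from `lsmod` output, checks whether a modprobe.d `install` line blocks `xfrm_user`, and prints an auditd rule that records creation of NETLINK_XFRM sockets. It assumes `xfrm_user` is built as a loadable module; the function names, the audit key `xfrm_netlink` and the sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage helpers for the checks above. Sample inputs are constructed.
SAMPLE_LSMOD='Module                  Size  Used by
xfrm_user              61440  2
xfrm_algo              16384  1 xfrm_user
nf_tables             372736  0'
SAMPLE_MODPROBE='# constructed modprobe.d content
install xfrm_user /bin/true'

# stdin: `lsmod` output. Prints each loaded xfrm* module with its use count.
loaded_xfrm_modules() {
    awk 'NR > 1 && $1 ~ /^xfrm/ { printf "%s used_by=%s\n", $1, $3 }'
}

# stdin: modprobe.d content. Succeeds if module $1 is blocked by an
# "install <module> /bin/true" (or /bin/false) line; "-" and "_" are equivalent.
module_blocked() {
    awk -v want="$1" '
        $1 ~ /^#/ { next }
        $1 == "install" { name = $2; gsub(/-/, "_", name)
            if (name == want && $3 ~ /^\/bin\/(true|false)$/) found = 1 }
        END { exit !found }'
}

# auditd rule recording socket(AF_NETLINK=16, *, NETLINK_XFRM=6) on 64-bit
# syscalls. The key "xfrm_netlink" is a label chosen for this example.
xfrm_audit_rule() {
    printf '%s\n' '-a always,exit -F arch=b64 -S socket -F a0=16 -F a2=6 -k xfrm_netlink'
}

# $1 = lsmod text, $2 = modprobe.d text. Prints a one-line verdict.
triage() {
    mods=$(printf '%s\n' "$1" | loaded_xfrm_modules | tr '\n' ' ')
    if [ -n "$mods" ]; then
        echo "loaded: ${mods% }"
    elif printf '%s\n' "$2" | module_blocked xfrm_user; then
        echo "xfrm_user not loaded, load blocked"
    else
        echo "xfrm_user not loaded, load not blocked"
    fi
}

# On a real host: triage "$(lsmod)" "$(cat /etc/modprobe.d/*.conf 2>/dev/null)"
triage "$SAMPLE_LSMOD" "$SAMPLE_MODPROBE"
xfrm_audit_rule
```

On hosts that legitimately run IPsec, IKE daemons and `ip xfrm` open the same socket type, so events under this key need a baseline of expected processes before they are useful as an alert.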
🔗 References
- https://git.kernel.org/stable/c/1e8fbd2441cb2ea28d6825f2985bf7d84af060bb
- https://git.kernel.org/stable/c/610d4cea9b442b22b4820695fc3335e64849725e
- https://git.kernel.org/stable/c/6889cd2a93e1e3606b3f6e958aa0924e836de4d2
- https://git.kernel.org/stable/c/c73bca72b84b453c8d26a5e7673b20adb294bf54
- https://git.kernel.org/stable/c/dc2ad8e8818e4bf1a93db78d81745b4877b32972
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html