CVE-2024-50123

7.1 HIGH

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in the Linux kernel's BPF subsystem, in the code that displays file descriptor information (fdinfo) for sockmap links. An attacker could read kernel memory beyond the intended boundaries, exposing sensitive information or causing system instability. Systems running a vulnerable Linux kernel version with BPF sockmap functionality enabled are affected.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific affected versions are not explicitly stated in the CVE description; typically affects kernel versions that predate the fix commits listed under Official Fix.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Requires BPF sockmap functionality to be enabled and used. Systems without BPF sockmap usage are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel memory disclosure leading to information leakage, potential privilege escalation if combined with other vulnerabilities, or kernel panic causing denial of service.

🟠 Likely Case

Information disclosure of kernel memory contents, potentially exposing sensitive data structures or pointers that could aid further exploitation.

🟢 If Mitigated

Limited impact with proper kernel hardening, SELinux/AppArmor, and BPF restrictions in place.

🌐 Internet-Facing: LOW - Requires local access or ability to execute BPF programs on the target system.
🏢 Internal Only: MEDIUM - Internal attackers with shell access could exploit this to gather kernel information for privilege escalation attempts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to create BPF sockmap links and access to the affected fdinfo functionality. Likely requires local access or ability to execute BPF programs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 6d79f12c0ce2bc8ff5f109093df1734bd6450615 and c2f803052bc7a7feb2e03befccc8e49b6ff1f5f5

Vendor Advisory: https://git.kernel.org/stable/c/6d79f12c0ce2bc8ff5f109093df1734bd6450615

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable BPF sockmap functionality

linux

Prevent creation of sockmap BPF links by disabling or restricting BPF functionality

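# Either command sets the same sysctl; run one of them as root.
# Once set to 1, the value cannot be changed back until the next reboot.
sysctl -w kernel.unprivileged_bpf_disabled=1
echo 1 > /proc/sys/kernel/unprivileged_bpf_disabled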

🧯 If You Can't Patch

  • Restrict BPF functionality to privileged users only
  • Implement strict access controls to prevent unauthorized users from creating BPF programs

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and verify whether BPF sockmap is enabled. Examine the /proc/sys/kernel/unprivileged_bpf_disabled setting.

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel includes the fix commits: run 'uname -r' and compare the result against your distribution's security advisories.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • BPF program creation logs
  • Unexpected fdinfo access patterns

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Search for kernel panic events or BPF program creation by non-privileged users
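
The verification and log checks above can be scripted. The following is an added example, not part of the original advisory or any vendor tooling: it interprets the unprivileged_bpf_disabled value, counts sockmap/sockhash maps in plain `bpftool map show` output, and counts kernel fault lines in log text. All sample inputs, including the symbol name example_show_fdinfo, are constructed.

```shell
#!/bin/sh
# Added example: triage helpers. All sample inputs below are constructed.

# Interpret the value of kernel.unprivileged_bpf_disabled.
classify_unpriv_bpf() {
    case "$1" in
        0) echo "open" ;;        # unprivileged users may call bpf()
        1) echo "locked" ;;      # privileged only; cannot be cleared until reboot
        2) echo "restricted" ;;  # privileged only; an admin can set it back to 0
        *) echo "unknown" ;;
    esac
}

# Count sockmap/sockhash maps in plain `bpftool map show` output on stdin.
count_sockmaps() {
    awk '$2 == "sockmap" || $2 == "sockhash" { n++ } END { print n + 0 }'
}

# Count kernel fault reports (oops, KASAN) in kernel log text on stdin.
count_kernel_faults() {
    awk '/BUG: KASAN:|Oops:|BUG: unable to handle|general protection fault/ { n++ }
         END { print n + 0 }'
}

# Constructed sample inputs; on a live host use the commands in the comments.
SAMPLE_SYSCTL=0   # cat /proc/sys/kernel/unprivileged_bpf_disabled
SAMPLE_MAPS='3: sockmap  name sock_map  flags 0x0
    key 4B  value 4B  max_entries 2  memlock 4096B
7: hash  name counters  flags 0x0
    key 4B  value 8B  max_entries 64  memlock 8192B'   # bpftool map show
SAMPLE_DMESG='[  101.000001] BUG: KASAN: global-out-of-bounds in example_show_fdinfo+0x1a/0x40
[  101.000002] Read of size 8 at addr ffffffff00000000 by task cat/1234
[  102.000000] audit: type=1334 audit(0.0:1): prog-id=10 op=LOAD'   # dmesg

echo "unprivileged bpf:   $(classify_unpriv_bpf "$SAMPLE_SYSCTL")"
echo "sockmap maps:       $(printf '%s\n' "$SAMPLE_MAPS" | count_sockmaps)"
echo "kernel fault lines: $(printf '%s\n' "$SAMPLE_DMESG" | count_kernel_faults)"
```

KASAN reports appear only on kernels built with KASAN; on production kernels an out-of-bounds read may leave no log line at all, so a zero count does not show the host is unaffected.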
