CVE-2024-50154

7.0 HIGH

📋 TL;DR

A race condition in the Linux kernel's TCP/DCCP implementation can cause a use-after-free vulnerability when handling connection requests. This allows attackers to potentially execute arbitrary code or cause denial of service on affected systems. The vulnerability primarily affects Linux systems with specific configurations where BPF programs are attached to trace TCP retransmissions.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions from the one that introduced commit 83fccfc3940c up to the versions carrying the fix (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when BPF programs are attached to the trace_tcp_retransmit_synack tracepoint. The reqsk timer is pinned, making exploitation less common in typical use cases.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, kernel panic causing a system crash, or data corruption.

🟠 Likely Case: Kernel crash leading to denial of service, system instability, or information disclosure through memory leaks.

🟢 If Mitigated: Minimal impact if BPF tracing is disabled, or if systems are not internet-facing and are protected by strict firewall rules.

🌐 Internet-Facing: MEDIUM - Requires specific BPF tracing configurations and timing conditions, but could be exploited remotely via TCP connections.
🏢 Internal Only: LOW - Requires local access or internal network position, and specific BPF configurations that are less common.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploitation requires precise timing conditions and specific BPF tracing configurations. The race window is small, making reliable exploitation challenging.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 106e457953315e476b3642ef24be25ed862aaba3, 5071beb59ee416e8ab456ac8647a4dabcda823b1, 51e34db64f4e43c7b055ccf881b7f3e0c31bb26d, 8459d61fbf24967839a70235165673148c7c7f17, 997ae8da14f1639ce6fb66a063dab54031cd61b3

Vendor Advisory: https://git.kernel.org/stable/c/106e457953315e476b3642ef24be25ed862aaba3

Restart Required: Yes

Instructions:

  1. Update the Linux kernel to a version containing the fix commits.
  2. Check with your distribution vendor for the specific patched kernel versions.
  3. Reboot the system after the kernel update.

🔧 Temporary Workarounds

Disable BPF tracing on TCP retransmit

Remove BPF programs attached to the trace_tcp_retransmit_synack tracepoint to eliminate the attack surface:

  # Check for attached BPF programs
  bpftool prog list | grep -i tcp_retransmit
  # Detach BPF programs if found

Restrict BPF program loading

Limit BPF program loading to trusted users only:

  # Set kernel.unprivileged_bpf_disabled=1
  sysctl -w kernel.unprivileged_bpf_disabled=1
  # Add to /etc/sysctl.conf for persistence

🧯 If You Can't Patch

  • Disable all BPF tracing and monitoring on TCP connections
  • Implement strict network segmentation and firewall rules to limit TCP connection exposure

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether any BPF programs are attached to trace_tcp_retransmit_synack:

  bpftool prog list | grep -i tcp_retransmit

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel contains the fix commits and that no BPF programs are attached to the vulnerable tracepoint.
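The workaround and verification steps above both come down to two checks: is anything hooked to the tcp_retransmit_synack tracepoint, and is unprivileged BPF loading blocked. The script below is an added example, not part of the advisory; it assumes the layout of `bpftool link list` output (which, unlike `bpftool prog list`, names the attach target for link-based attachments) and uses a constructed sample.

```shell
#!/bin/sh
# Added example, not from the advisory: parse captured "bpftool link list"
# output for programs hooked to the tcp_retransmit_synack tracepoint and
# evaluate kernel.unprivileged_bpf_disabled, the two checks the workaround
# and verification steps rely on.

# Constructed sample in the shape of "bpftool link list" (format assumed;
# real output varies by bpftool version). Links 4 and 6 name the tracepoint.
SAMPLE_LINKS=$(cat <<'EOF'
1: tracing  prog 7
    prog_type tracing  attach_type trace_fentry
4: raw_tracepoint  prog 15
    tp 'tcp_retransmit_synack'
6: perf_event  prog 20
    tracepoint tcp:tcp_retransmit_synack
9: cgroup  prog 22
    cgroup_id 1  attach_type cgroup_inet_ingress
EOF
)

# Print "link <id> prog <prog-id>" for each entry whose body names the
# tracepoint. Entries begin with "<id>:"; continuation lines are indented.
find_retransmit_hooks() {
    printf '%s\n' "$1" | awk '
        /^[0-9]+:/ { if (hit) print "link " id " prog " prog
                     id = $1; sub(/:$/, "", id); prog = $4; hit = 0 }
        tolower($0) ~ /tcp_retransmit_synack/ { hit = 1 }
        END { if (hit) print "link " id " prog " prog }'
}

# kernel.unprivileged_bpf_disabled: 0 allows unprivileged loading, 1 disables
# it until reboot, 2 disables it but lets root re-enable. Succeed only when
# unprivileged loading is blocked.
bpf_loading_restricted() {
    case "$1" in 1|2) return 0 ;; *) return 1 ;; esac
}

# One verdict line combining both checks, suitable for a report field.
assess() {
    hooks=$(find_retransmit_hooks "$1")
    if [ -n "$hooks" ]; then
        printf 'EXPOSED: tracepoint hooked (%s)\n' "$(printf '%s' "$hooks" | tr '\n' ';')"
    elif bpf_loading_restricted "$2"; then
        printf 'HARDENED: no hooks, unprivileged BPF loading disabled\n'
    else
        printf 'REVIEW: no hooks, but unprivileged BPF loading still allowed\n'
    fi
}

assess "$SAMPLE_LINKS" 0   # constructed sample: reports EXPOSED
```

On a live host run `assess "$(bpftool link list 2>/dev/null)" "$(sysctl -n kernel.unprivileged_bpf_disabled)"` as root. Legacy tracepoint attachments made without a BPF link object do not appear in `bpftool link list`, so a clean result there should still be paired with a review of `bpftool prog list` and any perf-based tracers.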

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KFENCE use-after-free detection messages
  • TCP retransmission anomalies

Network Indicators:

  • Excessive SYN+ACK retransmissions
  • Unusual TCP connection patterns

SIEM Query:

source="kernel" AND ("KFENCE" OR "use-after-free" OR "reqsk_timer_handler")
