Login Sign Up

CVE-2024-50168

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's sun3_82586 network driver. When a packet exceeds the maximum length, the driver fails to free the memory buffer, potentially leading to resource exhaustion. This affects systems using the sun3_82586 driver, primarily older Sun-3 architecture systems.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Versions before the fix commits (specific versions depend on kernel distribution)
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the sun3_82586 network driver, which is specific to Sun-3 architecture systems (largely obsolete hardware).

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could cause kernel memory exhaustion, leading to system instability, denial of service, or kernel panic.

🟠

Likely Case

Local denial of service through resource exhaustion if an attacker can repeatedly trigger the condition.

🟢

If Mitigated

Minimal impact with proper memory management and monitoring in place.

🌐 Internet-Facing: LOW - Requires local access or ability to send specially crafted packets to the affected interface.
🏢 Internal Only: LOW - Still requires local access; not remotely exploitable.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to trigger the condition; not a remote code execution vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits: 137010d26dc5cd47cd62fef77cbe952d31951b7a, 1a17a4ac2d57102497fac53b53c666dba6a0c20d, 2cb3f56e827abb22c4168ad0c1bbbf401bb2f3b8, 6dc937a3086e344f965ca5c459f8f3eb6b68d890, 84f2bac74000dbb7a177d9b98a17031ec8d07ec5

Vendor Advisory: https://git.kernel.org/stable/c/137010d26dc5cd47cd62fef77cbe952d31951b7a

Restart Required: Yes

Instructions:

1. Update Linux kernel to a version containing the fix commits. 2. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable sun3_82586 driver

linux

Remove or blacklist the vulnerable driver module if not needed

echo 'blacklist sun3_82586' >> /etc/modprobe.d/blacklist.conf
rmmod sun3_82586

🧯 If You Can't Patch

  • Monitor system memory usage for unusual patterns
  • Restrict local user access to systems using the affected driver

🔍 How to Verify

Check if Vulnerable:

Check if sun3_82586 module is loaded: lsmod | grep sun3_82586

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched versions or verify the fix commit is present in kernel source

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • System memory exhaustion warnings in dmesg

Network Indicators:

  • Unusual packet size patterns to affected interfaces

SIEM Query:

source="kernel" AND ("out of memory" OR "oom-killer") AND process="sun3_82586"

📊 Metadata

CVE ID: CVE-2024-50168
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-401
Published: November 7, 2024
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-50168, you might also want to check these:

CVE-2021-40633 8.8

CVE-2021-40633 is a memory leak vulnerability in gif2rgb, a utility in giflib 5.1.4, allowing remote...

Same vulnerability type (CWE-401)
CVE-2021-3492 8.8

CVE-2021-3492 is a kernel vulnerability in Ubuntu's Shiftfs filesystem where improper error handling...

Same vulnerability type (CWE-401)
CVE-2024-25450 8.8

CVE-2024-25450 is a memory allocation vulnerability in imlib2 v1.9.1's init_imlib_fonts() function t...

Same vulnerability type (CWE-401)