CVE-2024-50301
📋 TL;DR
This is a Linux kernel vulnerability in the key management subsystem that allows an attacker with local access to cause a slab-out-of-bounds read, potentially leading to information disclosure or system instability. It affects Linux systems using the kernel's keyring functionality, particularly when specific key patterns are created.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory corruption leading to privilege escalation, denial of service, or information disclosure of sensitive kernel memory contents.
Likely Case
System crash or kernel panic due to invalid memory access, potentially causing denial of service.
If Mitigated
Limited impact if proper access controls prevent unauthorized users from creating keys or if the system is patched.
🎯 Exploit Status
Reproduction steps are documented in the CVE description and require creating specific key patterns. Syzbot has reported this issue.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits from git.kernel.org stable branches (e.g., 199c20fb7499c79557a075dc24e9a7dae7d9f1ce)
Vendor Advisory: https://git.kernel.org/stable/c/199c20fb7499c79557a075dc24e9a7dae7d9f1ce
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. For custom kernels, apply the fix from kernel.org stable branches. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Restrict key creation
linuxLimit ability to create keys to trusted users only
# Use SELinux/AppArmor to restrict keyctl permissions
# Review and restrict users with CAP_SYS_ADMIN
Disable keyring functionality
linuxRemove or disable keyring subsystem (may break applications)
# Not recommended for production - may break authentication systems
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized users from creating keys
- Monitor for unusual key creation patterns and system crashes
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r and compare with patched versions from your distributionCheck Version:
uname -rVerify Fix Applied:
Verify kernel version after update and check that key_task_permission function no longer has the vulnerable code path📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN reports of slab-out-of-bounds in key_task_permission
- System crashes after key creation
Network Indicators:
- None - local exploit only
SIEM Query:
Search for: 'KASAN: slab-out-of-bounds' AND 'key_task_permission' in kernel logs🔗 References
- https://git.kernel.org/stable/c/199c20fb7499c79557a075dc24e9a7dae7d9f1ce
- https://git.kernel.org/stable/c/1e4332581cd4eed75aea77af6f66cdcdda8b49b9
- https://git.kernel.org/stable/c/3e79ad156bedf2da0ab909a118d2cec6c9c22b79
- https://git.kernel.org/stable/c/4a74da044ec9ec8679e6beccc4306b936b62873f
- https://git.kernel.org/stable/c/4efb69a0e294ef201bcdf7ce3d6202cd0a545a5d
- https://git.kernel.org/stable/c/bbad2d5b6c99db468d8f88b6ba6a56ed409b4881
- https://git.kernel.org/stable/c/c3ce634ad953ce48c75c39bdfd8b711dd95f346f
- https://git.kernel.org/stable/c/e0a317ad68e4ea48a0158187238c5407e4fdec8b
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
