{"uuid": "85bc6fc9-0555-433d-b8e5-41bc0bb0f2ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50130", "type": "seen", "source": "https://t.me/cvedetector/9931", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50130 - Linux Netfilter BPF NetNamespace Reference Leak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50130 \nPublished : Nov. 5, 2024, 6:15 p.m. | 22\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnetfilter: bpf: must hold reference on net namespace  \n  \nBUG: KASAN: slab-use-after-free in __nf_unregister_net_hook+0x640/0x6b0  \nRead of size 8 at addr ffff8880106fe400 by task repro/72=  \nbpf_nf_link_release+0xda/0x1e0  \nbpf_link_free+0x139/0x2d0  \nbpf_link_release+0x68/0x80  \n__fput+0x414/0xb60  \n  \nEric says:  \n It seems that bpf was able to defer the __nf_unregister_net_hook()  \n after exit()/close() time.  \n Perhaps a netns reference is missing, because the netns has been  \n dismantled/freed already.  \n bpf_nf_link_attach() does :  \n link->net = net;  \n But I do not see a reference being taken on net.  \n  \nAdd such a reference and release it after hook unreg.  \nNote that I was unable to get syzbot reproducer to work, so I  \ndo not know if this resolves this splat. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T19:44:36.000000Z"}