{"vulnerability": "CVE-2024-50072", "sightings": [{"uuid": "303522d1-5358-42b2-a468-01e101312dce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50072", "type": "seen", "source": "https://t.me/cvedetector/9237", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50072 - Linux Kernel x86 VERW Use-After-Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50072 \nPublished : Oct. 29, 2024, 1:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nx86/bugs: Use code segment selector for VERW operand  \n  \nRobert Gill reported below #GP in 32-bit mode when dosemu software was  \nexecuting vm86() system call:  \n  \n  general protection fault: 0000 [#1] PREEMPT SMP  \n  CPU: 4 PID: 4610 Comm: dosemu.bin Not tainted 6.6.21-gentoo-x86 #1  \n  Hardware name: Dell Inc. PowerEdge 1950/0H723K, BIOS 2.7.0 10/30/2010  \n  EIP: restore_all_switch_stack+0xbe/0xcf  \n  EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000  \n  ESI: 00000000 EDI: 00000000 EBP: 00000000 ESP: ff8affdc  \n  DS: 0000 ES: 0000 FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010046  \n  CR0: 80050033 CR2: 00c2101c CR3: 04b6d000 CR4: 000406d0  \n  Call Trace:  \n   show_regs+0x70/0x78  \n   die_addr+0x29/0x70  \n   exc_general_protection+0x13c/0x348  \n   exc_bounds+0x98/0x98  \n   handle_exception+0x14d/0x14d  \n   exc_bounds+0x98/0x98  \n   restore_all_switch_stack+0xbe/0xcf  \n   exc_bounds+0x98/0x98  \n   restore_all_switch_stack+0xbe/0xcf  \n  \nThis only happens in 32-bit mode when VERW based mitigations like MDS/RFDS  \nare enabled. This is because segment registers with an arbitrary user value  \ncan result in #GP when executing VERW. Intel SDM vol. 2C documents the  \nfollowing behavior for VERW instruction:  \n  \n  #GP(0) - If a memory operand effective address is outside the CS, DS, ES,  \n    FS, or GS segment limit.  \n  \nCLEAR_CPU_BUFFERS macro executes VERW instruction before returning to user  \nspace. Use %cs selector to reference VERW operand. This ensures VERW will  \nnot #GP for an arbitrary user %ds.  \n  \n[ mingo: Fixed the SOB chain. ] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T03:03:14.000000Z"}]}