{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos-stream8els/vex/2024/cve-2024-50154-els_os-centos8stream-els.json" } ], "title": "Security update on CVE-2024-50154", "tracking": { "current_release_date": "2025-12-23T20:02:11Z", "generator": { "date": "2025-12-23T20:02:11Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2024-50154-ELS_OS-CENTOS8STREAM-ELS", "initial_release_date": "2024-11-07T10:15:00Z", "revision_history": [ { "date": "2024-11-07T10:15:00Z", "number": "1", "summary": "Initial version" }, { "date": "2025-05-19T21:05:15Z", "number": "2", "summary": "Official Publication" }, { "date": "2025-12-23T20:02:11Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 8", "product": { "name": "Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:8:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product": { "name": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_id": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-perf@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product": { "name": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_id": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-modules@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product": { "name": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_id": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-devel@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product": { "name": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_id": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug-modules-internal@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product": { "name": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_id": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product": { "name": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_id": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product": { "name": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_id": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs-devel@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product": { "name": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_id": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-selftests-internal@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64" } } }, { "category": "product_version", "name": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product": { "name": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_id": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/bpftool@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product": { "name": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_id": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug-modules@4.18.0-553.6.1.el8_10.tuxcare.els10?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64" }, "product_reference": "python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64" }, "product_reference": "kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64" }, "product_reference": "kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64" }, "product_reference": "kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64" }, "product_reference": "kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64" }, "product_reference": "kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64" }, "product_reference": "kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64" }, "product_reference": "bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64" }, "product_reference": "kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "relates_to_product_reference": "CentOS-Stream-8" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-50154", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().\n\nMartin KaFai Lau reported use-after-free [0] in reqsk_timer_handler().\n\n \"\"\"\n We are seeing a use-after-free from a bpf prog attached to\n trace_tcp_retransmit_synack. The program passes the req->sk to the\n bpf_sk_storage_get_tracing kernel helper which does check for null\n before using it.\n \"\"\"\n\nThe commit 83fccfc3940c (\"inet: fix potential deadlock in\nreqsk_queue_unlink()\") added timer_pending() in reqsk_queue_unlink() not\nto call del_timer_sync() from reqsk_timer_handler(), but it introduced a\nsmall race window.\n\nBefore the timer is called, expire_timers() calls detach_timer(timer, true)\nto clear timer->entry.pprev and marks it as not pending.\n\nIf reqsk_queue_unlink() checks timer_pending() just after expire_timers()\ncalls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will\ncontinue running and send multiple SYN+ACKs until it expires.\n\nThe reported UAF could happen if req->sk is close()d earlier than the timer\nexpiration, which is 63s by default.\n\nThe scenario would be\n\n 1. inet_csk_complete_hashdance() calls inet_csk_reqsk_queue_drop(),\n but del_timer_sync() is missed\n\n 2. reqsk timer is executed and scheduled again\n\n 3. req->sk is accept()ed and reqsk_put() decrements rsk_refcnt, but\n reqsk timer still has another one, and inet_csk_accept() does not\n clear req->sk for non-TFO sockets\n\n 4. sk is close()d\n\n 5. reqsk timer is executed again, and BPF touches req->sk\n\nLet's not use timer_pending() by passing the caller context to\n__inet_csk_reqsk_queue_drop().\n\nNote that reqsk timer is pinned, so the issue does not happen in most\nuse cases. [1]\n\n[0]\nBUG: KFENCE: use-after-free read in bpf_sk_storage_get_tracing+0x2e/0x1b0\n\nUse-after-free read at 0x00000000a891fb3a (in kfence-#1):\nbpf_sk_storage_get_tracing+0x2e/0x1b0\nbpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda\nbpf_trace_run2+0x4c/0xc0\ntcp_rtx_synack+0xf9/0x100\nreqsk_timer_handler+0xda/0x3d0\nrun_timer_softirq+0x292/0x8a0\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\nintel_idle_irq+0x5a/0xa0\ncpuidle_enter_state+0x94/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nkfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, size=2376, cache=TCPv6\n\nallocated by task 0 on cpu 9 at 260507.901592s:\nsk_prot_alloc+0x35/0x140\nsk_clone_lock+0x1f/0x3f0\ninet_csk_clone_lock+0x15/0x160\ntcp_create_openreq_child+0x1f/0x410\ntcp_v6_syn_recv_sock+0x1da/0x700\ntcp_check_req+0x1fb/0x510\ntcp_v6_rcv+0x98b/0x1420\nipv6_list_rcv+0x2258/0x26e0\nnapi_complete_done+0x5b1/0x2990\nmlx5e_napi_poll+0x2ae/0x8d0\nnet_rx_action+0x13e/0x590\nirq_exit_rcu+0xf5/0x320\ncommon_interrupt+0x80/0x90\nasm_common_interrupt+0x22/0x40\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nfreed by task 0 on cpu 9 at 260507.927527s:\nrcu_core_si+0x4ff/0xf10\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50154" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/106e457953315e476b3642ef24be25ed862aaba3", "url": "https://git.kernel.org/stable/c/106e457953315e476b3642ef24be25ed862aaba3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5071beb59ee416e8ab456ac8647a4dabcda823b1", "url": "https://git.kernel.org/stable/c/5071beb59ee416e8ab456ac8647a4dabcda823b1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/51e34db64f4e43c7b055ccf881b7f3e0c31bb26d", "url": "https://git.kernel.org/stable/c/51e34db64f4e43c7b055ccf881b7f3e0c31bb26d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8459d61fbf24967839a70235165673148c7c7f17", "url": "https://git.kernel.org/stable/c/8459d61fbf24967839a70235165673148c7c7f17" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/997ae8da14f1639ce6fb66a063dab54031cd61b3", "url": "https://git.kernel.org/stable/c/997ae8da14f1639ce6fb66a063dab54031cd61b3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c964bf65f80a14288d767023a1b300b30f5b9cd0", "url": "https://git.kernel.org/stable/c/c964bf65f80a14288d767023a1b300b30f5b9cd0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e8c526f2bdf1845bedaf6a478816a3d06fa78b8f", "url": "https://git.kernel.org/stable/c/e8c526f2bdf1845bedaf6a478816a3d06fa78b8f" } ], "release_date": "2024-11-07T10:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:python3-perf-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:kernel-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:kernel-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:kernel-debug-modules-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:kernel-tools-libs-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:kernel-tools-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:kernel-tools-libs-devel-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:kernel-selftests-internal-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:bpftool-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64", "CentOS-Stream-8:kernel-debug-modules-0:4.18.0-553.6.1.el8_10.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }