vulnerability

Red Hat: CVE-2024-50130: kernel: netfilter: bpf: must hold reference on net namespace (Multiple Advisories)

Name: Red Hat: CVE-2024-50130: kernel: netfilter: bpf: must hold reference on net namespace (Multiple Advisories)
Creator: Red Hat
Published: 2024-11-05T00:00:00.000Z
Keywords: CVE, CWE-416, Red Hat, 2024, 50130, kernel, redhat-upgrade-kernel, redhat-upgrade-kernel-rt, Severity 4

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:M/Au:S/C:N/I:N/A:C)

Published

Nov 5, 2024

Added

May 15, 2025

Modified

Mar 27, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: bpf: must hold reference on net namespace

BUG: KASAN: slab-use-after-free in __nf_unregister_net_hook+0x640/0x6b0
Read of size 8 at addr ffff8880106fe400 by task repro/72=
bpf_nf_link_release+0xda/0x1e0
bpf_link_free+0x139/0x2d0
bpf_link_release+0x68/0x80
__fput+0x414/0xb60

Eric says:
It seems that bpf was able to defer the __nf_unregister_net_hook()
after exit()/close() time.
Perhaps a netns reference is missing, because the netns has been
dismantled/freed already.
bpf_nf_link_attach() does :
link->net = net;
But I do not see a reference being taken on net.

Add such a reference and release it after hook unreg.
Note that I was unable to get syzbot reproducer to work, so I
do not know if this resolves this splat.

Solutions

redhat-upgrade-kernelredhat-upgrade-kernel-rt

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report