VULNERABILITY

Ubuntu: (Multiple Advisories) (CVE-2024-50299): Linux kernel vulnerabilities

Try Surface Command Get a continuous 360° view of your attack surface

Back to Search

Ubuntu: (Multiple Advisories) (CVE-2024-50299): Linux kernel vulnerabilities

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

11/19/2024

Created

03/10/2025

Added

02/20/2025

Modified

03/06/2025

Description

In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb() A size validation fix similar to that in Commit 50619dbf8db7 ("sctp: add size validation when walking chunks") is also required in sctp_sf_ootb() to address a crash reported by syzbot: BUG: KMSAN: uninit-value in sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166 sctp_endpoint_bh_rcv+0xc38/0xf90 net/sctp/endpointola.c:407 sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88 sctp_rcv+0x3831/0x3b20 net/sctp/input.c:243 sctp4_rcv+0x42/0x50 net/sctp/protocol.c:1159 ip_protocol_deliver_rcu+0xb51/0x13d0 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233

Solution(s)

ubuntu-upgrade-linux-image-5-15-0-1060-gkeop
ubuntu-upgrade-linux-image-5-15-0-1070-ibm
ubuntu-upgrade-linux-image-5-15-0-1072-nvidia
ubuntu-upgrade-linux-image-5-15-0-1072-nvidia-lowlatency
ubuntu-upgrade-linux-image-5-15-0-1072-raspi
ubuntu-upgrade-linux-image-5-15-0-1073-intel-iotg
ubuntu-upgrade-linux-image-5-15-0-1075-gke
ubuntu-upgrade-linux-image-5-15-0-1075-oracle
ubuntu-upgrade-linux-image-5-15-0-1077-gcp
ubuntu-upgrade-linux-image-5-15-0-1078-aws
ubuntu-upgrade-linux-image-5-15-0-1081-azure
ubuntu-upgrade-linux-image-5-15-0-1081-azure-fde
ubuntu-upgrade-linux-image-5-15-0-133-generic
ubuntu-upgrade-linux-image-5-15-0-133-generic-64k
ubuntu-upgrade-linux-image-5-15-0-133-generic-lpae
ubuntu-upgrade-linux-image-5-15-0-133-lowlatency
ubuntu-upgrade-linux-image-5-15-0-133-lowlatency-64k
ubuntu-upgrade-linux-image-5-15-0-134-generic
ubuntu-upgrade-linux-image-5-15-0-134-generic-64k
ubuntu-upgrade-linux-image-5-15-0-134-generic-lpae
ubuntu-upgrade-linux-image-5-4-0-1058-xilinx-zynqmp
ubuntu-upgrade-linux-image-5-4-0-1086-ibm
ubuntu-upgrade-linux-image-5-4-0-1099-bluefield
ubuntu-upgrade-linux-image-5-4-0-1127-kvm
ubuntu-upgrade-linux-image-5-4-0-1138-oracle
ubuntu-upgrade-linux-image-5-4-0-1140-aws
ubuntu-upgrade-linux-image-5-4-0-1143-gcp
ubuntu-upgrade-linux-image-5-4-0-1145-azure
ubuntu-upgrade-linux-image-5-4-0-208-generic
ubuntu-upgrade-linux-image-5-4-0-208-generic-lpae
ubuntu-upgrade-linux-image-5-4-0-208-lowlatency
ubuntu-upgrade-linux-image-6-11-0-1005-realtime
ubuntu-upgrade-linux-image-6-11-0-1008-raspi
ubuntu-upgrade-linux-image-6-11-0-1009-aws
ubuntu-upgrade-linux-image-6-11-0-1009-azure
ubuntu-upgrade-linux-image-6-11-0-1009-azure-fde
ubuntu-upgrade-linux-image-6-11-0-1009-gcp
ubuntu-upgrade-linux-image-6-11-0-1010-lowlatency
ubuntu-upgrade-linux-image-6-11-0-1010-lowlatency-64k
ubuntu-upgrade-linux-image-6-11-0-1011-oracle
ubuntu-upgrade-linux-image-6-11-0-1011-oracle-64k
ubuntu-upgrade-linux-image-6-11-0-1015-oem
ubuntu-upgrade-linux-image-6-11-0-18-generic
ubuntu-upgrade-linux-image-6-11-0-18-generic-64k
ubuntu-upgrade-linux-image-aws
ubuntu-upgrade-linux-image-aws-lts-20-04
ubuntu-upgrade-linux-image-aws-lts-22-04
ubuntu-upgrade-linux-image-azure
ubuntu-upgrade-linux-image-azure-cvm
ubuntu-upgrade-linux-image-azure-fde
ubuntu-upgrade-linux-image-azure-fde-lts-22-04
ubuntu-upgrade-linux-image-azure-lts-20-04
ubuntu-upgrade-linux-image-azure-lts-22-04
ubuntu-upgrade-linux-image-bluefield
ubuntu-upgrade-linux-image-gcp
ubuntu-upgrade-linux-image-gcp-lts-20-04
ubuntu-upgrade-linux-image-gcp-lts-22-04
ubuntu-upgrade-linux-image-generic
ubuntu-upgrade-linux-image-generic-64k
ubuntu-upgrade-linux-image-generic-64k-hwe-20-04
ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
ubuntu-upgrade-linux-image-generic-hwe-18-04
ubuntu-upgrade-linux-image-generic-hwe-20-04
ubuntu-upgrade-linux-image-generic-hwe-24-04
ubuntu-upgrade-linux-image-generic-lpae
ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04
ubuntu-upgrade-linux-image-gke
ubuntu-upgrade-linux-image-gke-5-15
ubuntu-upgrade-linux-image-gkeop
ubuntu-upgrade-linux-image-gkeop-5-15
ubuntu-upgrade-linux-image-ibm
ubuntu-upgrade-linux-image-ibm-lts-20-04
ubuntu-upgrade-linux-image-intel
ubuntu-upgrade-linux-image-intel-iotg
ubuntu-upgrade-linux-image-kvm
ubuntu-upgrade-linux-image-lowlatency
ubuntu-upgrade-linux-image-lowlatency-64k
ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04
ubuntu-upgrade-linux-image-lowlatency-hwe-18-04
ubuntu-upgrade-linux-image-lowlatency-hwe-20-04
ubuntu-upgrade-linux-image-nvidia
ubuntu-upgrade-linux-image-nvidia-lowlatency
ubuntu-upgrade-linux-image-oem
ubuntu-upgrade-linux-image-oem-20-04
ubuntu-upgrade-linux-image-oem-20-04b
ubuntu-upgrade-linux-image-oem-20-04c
ubuntu-upgrade-linux-image-oem-20-04d
ubuntu-upgrade-linux-image-oem-24-04
ubuntu-upgrade-linux-image-oem-24-04a
ubuntu-upgrade-linux-image-oem-24-04b
ubuntu-upgrade-linux-image-oem-osp1
ubuntu-upgrade-linux-image-oracle
ubuntu-upgrade-linux-image-oracle-64k
ubuntu-upgrade-linux-image-oracle-lts-20-04
ubuntu-upgrade-linux-image-oracle-lts-22-04
ubuntu-upgrade-linux-image-raspi
ubuntu-upgrade-linux-image-raspi-nolpae
ubuntu-upgrade-linux-image-realtime
ubuntu-upgrade-linux-image-realtime-hwe-24-04
ubuntu-upgrade-linux-image-snapdragon-hwe-18-04
ubuntu-upgrade-linux-image-virtual
ubuntu-upgrade-linux-image-virtual-hwe-18-04
ubuntu-upgrade-linux-image-virtual-hwe-20-04
ubuntu-upgrade-linux-image-virtual-hwe-24-04
ubuntu-upgrade-linux-image-xilinx-zynqmp

References

https://attackerkb.com/topics/cve-2024-50299
CVE - 2024-50299
USN-7276-1
USN-7277-1
USN-7288-1
USN-7288-2
USN-7289-1
USN-7289-2
USN-7289-3
USN-7289-4
USN-7291-1
USN-7293-1
USN-7294-1
USN-7294-2
USN-7294-3
USN-7294-4
USN-7295-1
USN-7305-1
USN-7308-1
USN-7310-1
USN-7331-1

Advanced vulnerability management analytics and reporting.

Key Features

Lightweight Endpoint Agent
Live Dashboards
Real Risk Prioritization
IT-Integrated Remediation Projects
Cloud, Virtual, and Container Assessment
Integrated Threat Feeds
Easy-to-Use RESTful API
Automation-Assisted Patching
Automated Containment

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

VULNERABILITY

Ubuntu: (Multiple Advisories) (CVE-2024-50299): Linux kernel vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2024-50299): Linux kernel vulnerabilities

Description

Solution(s)

References

Submit your information and we will get in touch with you.

Thank you for contacting us.

We will be in touch shortly.