CVE-2024-50260 Information

Description

In the Linux kernel the following vulnerability has been resolved:

sock_map: fix a NULL pointer dereference in sock_map_link_update_prog()

The following race condition could trigger a NULL pointer dereference:

sock_map_link_detach(): sock_map_link_update_prog(): mutex_lock(&sockmap_mutex); … sockmap_link->map = NULL; mutex_unlock(&sockmap_mutex); mutex_lock(&sockmap_mutex); … sock_map_prog_link_lookup(sockmap_link->map); mutex_unlock(&sockmap_mutex);

Fix it by adding a NULL pointer check. In this specific case it makes no sense to update a link which is being released.

Reference

https://git.kernel.org/stable/c/9afe35fdda16e09d5bd3c49a68ba8c680dd678bd https://git.kernel.org/stable/c/740be3b9a6d73336f8c7d540842d0831dc7a808b