← Back to CVEs
CVE-2024-50169
MEDIUM5.5
Description
In the Linux kernel, the following vulnerability has been resolved: vsock: Update rx_bytes on read_skb() Make sure virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt() calls are balanced (i.e. virtio_vsock_sock::rx_bytes doesn't lie) after vsock_transport::read_skb(). While here, also inform the peer that we've freed up space and it has more credit. Failing to update rx_bytes after packet is dequeued leads to a warning on SOCK_STREAM recv(): [ 233.396654] rx_queue is empty, but rx_bytes is non-zero [ 233.396702] WARNING: CPU: 11 PID: 40601 at net/vmw_vsock/virtio_transport_common.c:589
CVE Details
CVSS v3.1 Score5.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published11/7/2024
Last Modified10/1/2025
Sourcenvd
Honeypot Sightings0
Affected Products
linux:linux_kernel
References
https://git.kernel.org/stable/c/3543152f2d330141d9394d28855cb90b860091d2(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/66cd51de31c682a311c2fa25c580b7ea45859dd9(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/e5ca2b98090b4bb1c393088c724af6c37812a829(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.